By Iniel Dreyer, MD at Data Management Professionals South Africa
As cybercrime statistics continue to escalate, insurance providers have started offering cyber insurance cover to businesses. Intended to assist organisations to handle the financial impact of a cyberattack, such cover is useful but requires a solid backup and data recovery plan to place the insured company in the same position they were before the attack materialised. A backup and recovery plan reduces the risk and impact of cyberattack, while helping the business to get back on their feet as quickly as possible. It’s a win-win for both parties, and as such it makes good business sense for insurers to insist that a backup and recovery plan is a prerequisite for cyber insurance cover.
The cybercrime landscape
A study conducted by Kaspersky highlighted a 24% spike in ransomware in South Africa from Q1 2021 to Q2 2021 along with a 14% increase in crypto-miner malware. According to an IBM study, a data breach in South Africa costs on average R36.5 million, and the aftermath of a data breach can be felt for years after the incident. However, large businesses are not the only targets. Hackers are indiscriminate and 43% of cyber-attacks target small businesses, yet small businesses face disproportionately larger costs relative to bigger corporates, which can hamper their ability to recover financially.
There is a clear need for insurance providers and technology companies to work together in educating their client businesses on the risks and implications of data losses, while positively demonstrating the value in steps that can be taken to prevent and remediate.
A serious risk for all businesses
Data is one of the most valuable business assets today but keeping that data protected and consistently available, no matter where it is stored across the business - whether on-premises data centres to hybrid cloud architecture - is becoming increasingly complicated. Having a realistic data management, backup and recovery plan in place is critical for any business that has an internet connection and that deals with customer data. Currently the trend is to focus on breach prevention, but it will be necessary to pay just as much attention to remediation and recovery after an event.
Uniting prevention and remediation
The purpose of data backup and recovery is to create a copy of data that can be recovered in the event of a primary data failure, such as hardware or software failure, data corruption, or malicious attack. Accordingly, proactive, not reactive data recovery plans and procedures are necessary. Businesses will have to start with an audit of their data, which includes assessing priority levels for recovery in the event of a breach.
By partnering with a data management specialist, companies can outsource the management, protection and recovery of data entirely to a trusted third-party provider. Backup as a Service levels the playing field for businesses of all sizes, and because it’s consumption-based it becomes an operational expense rather than a capital outlay. From a premium and a cost of risk perspective, having the proper data backup and recovery systems in place will benefit the insured.
Collaborative crime-fighting opportunity
In terms of choosing cyber insurance, businesses should be engaging with their insurance providers, and driving the demand for cover products that are better aligned with prevention and remediation of cyber-attacks. This is a golden opportunity for a mutually beneficial synergy between insurance providers and data management and cybersecurity technology companies to work hand-in-hand. By coming together, insurers and technology companies can play a critical role in addressing cybercrime and helping companies large and small protect their business-critical data properly.