Should you insure yourself against cyber-attacks?

Ninja Hacker

South Africa’s 2014 cybercrime losses are estimated at R5.8-billion, and statistics show it takes on average 200 days for an organisation to identify a breach. In light of this, and with the recent report that the website of Afrikaans singer Steve Hofmeyr was brought down by a Distributed Denial of Service (DDoS) attack, allegedly carried out by hacktivist group Anonymous Africa, businesses and individuals must take heed and protect themselves from the possible consequences of a breach.

Following the attack on Hofmeyr’s website, the group tweeted: “You will be happy to know we are currently running ‘miniop’ (mini operation) against the racist @steve_hofmeyer.”

Anonymous Africa was reportedly also behind the cyber-attacks on the ANC’s website and Zimbabwe’s state-run newspaper, The Herald, in 2013. The ANC confirmed the attack in a statement saying: “The African National Congress has noted that someone calling themselves Anonymous and claiming to be the legitimate representative of the people of Zimbabwe has flooded the website of our organisation.” A Twitter account allegedly belonging to the hacker behind the attack tweeted minutes before the ANC website was shut down: “tick tock tick tock, your site will stop working in 40 minutes.”

Later targets of the world-wide hacktivist group Anonymous included government agencies of the US, Israel, Tunisia, Uganda, and others; child pornography sites; copyright protection agencies; the Westboro Baptist Church; and corporations such as PayPal, MasterCard, Visa, Sony and Independent Newspapers’ Independent Online (IOL) in South Africa.

Most recently, the group has also vowed to attack terrorist websites and social media accounts in revenge for the killing of Charlie Hebdo journalists. The announcement stated: “We, Anonymous around the world, have decided to declare war on you, the terrorists” and promised to avenge the killings by “shut(ting) down your accounts on all social networks”.

We Are Legion: The Story of the Hacktivists is a documentary that takes us inside the world of Anonymous, the radical “hacktivist” collective that has redefined civil disobedience for the digital age. Related groups LulzSec and Operation AntiSec carried out cyber-attacks on government agencies, media, video game companies, military contractors, military personnel, and police officers, which drew the attention of law enforcement agencies to these groups and their activities.

If caught in South Africa, the hacktivists could be charged under the Electronic Communications and Transactions Act (ECT) – Act 25 of 2002 – which states: A person convicted of an offence could be liable for a fine or imprisonment for a period not exceeding five years.

The risks an individual and/or company are exposed to are, inter alia:

  • System unavailability and downtime
  • Starting from scratch – rebuilding the entire website
  • Business being held to ransom
  • Loss of revenue
  • Loss of data
  • Reputational damage and costs associated with looking to reduce the impact of a breach
  • Loss of competitive advantage
  • Industry and regulatory fines and penalties (PoPI)
  • Litigation arising from compromised data

Insurance may therefore be a good bet, but what should a cyber-insurance policy cover?

  • First Party Expenses (actual costs to restore, re-collect or replace data, costs and expenses of specialists, investigators, forensic auditors or loss adjusters, costs and expenses for the use of rented, leased or hired external equipment, services, labour, premises or additional operating costs including staff overtime)
  • Loss of Business Income (net income which would have been earned had the breach not occurred)
  • Notification Expenses (expenses incurred to comply with privacy legislation such as legal expenses and communication expenses through mail, call centres, website and customer support expenses)
  • Crisis Management Expenses (services of a public relations consultant, related advertising or communication expenses)
  • Associated regulatory fines and penalties to the extent insurable by law


