Cyber risks highlighted at InsureTalk36

MunichRe, the world’s largest reinsurance company, was the headline sponsor at InsureTalk36, which took place online on Thursday, 21 September 2023. Presentations focused on cyber risks and specialist lines.

Our first speakers were MunichRe’s Wolfgang Boffo, who gave us a refresher on cyber risk insurance, and Harprit Narang Singh, who spoke on cyber risk security hygiene.

“People often have the wrong views on what cyber risks are, and how to make them insurable,” said Wolfgang. He defined cyber risks as “risks arising from the storage, usage, computation, and/or transmission of electronic data”, adding that all companies are susceptible. 

“If data is gone, if data is corrupted or if systems are not available, it can cause first-party losses and third-party liabilities. From an insurance perspective, we strongly believe that this must not be blended into property or casualty insurance as an add-on. The insurance industry has really tried to carve out the so-called silent cyber pieces and make it an affirmative cover and place it as a standalone product.”

A cyber risk is triggered by an insured event, such as a data breach, third-party claim, cyber extortion or a cyber incident on your system or the system of a named service provider. He spoke about POPI and GDPR as legislation frameworks to protect third-party data and some of the fines levied against transgressors. 

“It’s also important to highlight the first-party elements,” he said, showing the following slide with details of first- and third-party cover types:

He pointed out that third-party liability cover tends to be more old-fashioned, while first-party cover is the more current type of cover. Pre- and post-incident cover form part of the policy.

Wolfgang went on to unpack a few claims case studies from incidents around the world and a typical modus operandi of criminal syndicates. He also discussed pricing trends, before sharing a video on the results of MunichRe’s Global Cyber Insurance and Risk Survey 2022.  

Here are some of the trends highlighted by recent MunichRe surveys:

“It’s not a question of ‘if’, but ‘when’ you will be the victim of a cyber attack,” he said. “You should be prepared for that.”

Harprit’s presentation opened with a discussion on the top six cyber threats currently faced by businesses and individuals around the world.

“The way these threats are developing makes it quite complex for an organisation to detect and protect against,” he said. 

Harprit’s next slide covered the ‘must-haves’ in terms of the types of security hygiene that should be applied across industries:

IISA CEO Thokozile Mahlangu gave her traditional update on the goings-on at the institute, which provides the CPD accreditation (2.5 hours) for the InsureTalk series. Thokozile spoke on five points:

1. AIE – early bird registration for AIE 2024 is open until the end of December, after which normal rates will apply. You can register here.

2. A new channel for SMME brokers, insurance startups, etc. to become corporate members of the IISA – along with all the benefits that corporate membership provides. Contact vumokuhle@iisa.co.za to secure your special membership rate!

3. In-person seminars – your opportunity to learn and grow as an insurance professional; and webinars – there are about three or four of these sessions a week providing an opportunity for continual professional development for members and non-members alike.

4. 2023 Insurance Director Training – starting in October for eligible individuals in conjunction with the Institute of Directors.

5. T-shirts for IISA Fellows are available now for order! Associate and Licentiate T-shirts will be available soon. Check out Thokozile in her Fellow T-shirt below:

FA News editor and “mother” of Insurance Apprentices, past and present, Rianet Whitehead, provided some fascinating insights into news and happenings in the industry, specifically The Insurance Apprentice. Applications for the next season close on 30 September, which is just around the corner! If you are 35 or younger, if you’ve been in the (non-life) industry for four years or more, then this is something you need to consider,” she said. “This is an opportunity to grow both personally and professionally, both during the week of filming and afterwards.”

Rianet played an interview with 2023 Insurance Apprentice winner, Christopher Appinah (pictured below), on his journey in the competition and the change it has brought in his life. 

After Christopher’s interview, Rianet spoke about The Claims Forum, which was started by Christopher together with a group of TIA winners and a few other insurance professionals. The forum hosts monthly sessions of interest to claims specialists and all are welcome. For more info, check out the upcoming issue of FA News or visit the The Claims Forum (South Africa) on LinkedIn. 

Charl Ueckermann, group CEO of AVeS Cyber International, returned to the InsureTalk hot seat with a talk on the latest cyber security incidents in Southern Africa and how they could have been avoided. Charl shared real-life examples that AVeS has handled during 2023, covering topics like compromised user credentials, blackmail, targeted attacks, and clicking on links in emails, and discussing various methods that companies can use to minimise the risks of these incidents occurring. 

These are some of the threats faced by organisations of all sizes and in all sectors…

… and the minimum requirements from an insurance point of view:

He encouraged delegates to complete a high-level risk assessment by visiting https://assessment.aves.co.za. 

“If you meet the requirements set out in this assessment, your business is 99% likely to meet the requirements from an insurance perspective,” he said. 

Before our last speaker, MC Christelle Colman reminded guests to register for next month’s InsureTalk Live session. It’s going to be a one-day InsureTalk hybrid session for insurance professionals across the whole value chain. It’s taking place on 26 October at The Venue in Melrose Arch, Johannesburg from 9am to 3pm, with an online option available for those who can’t be there in person. Virtual attendance will be free. There are still a few tickets available for the live event. The early-bird rate applies to group bookings of five people or more. For more info or to book, click here. 

ITOO Special Risks’ Ryan van de Coolwijk shared an interestingly titled presentation, “Cats and Mice: The Evolution of Cyberattacks”. He spoke on the psychology of a hacker, evolution of email attacks to business email compromise (BEC), ransomware evolution to full-blown cyber extortion, deep fakes, and worm GPT.

“In the past, selling cyber insurance was like trying to sell ice to Eskimos,” he said. “When you spoke about cyber insurance, people looked at you as though you stepped off the moon. They would say things like, ‘This is not relevant to us’ and ‘This is not going to happen to us’. But over the years we’ve seen how the tactics of the hackers have evolved and if we looked into the audience that are in the session this afternoon, most will either have seen some form of cyberattack against them or know of someone who has had some form of cyberattack against them. It’s become a very real part of our lives.”

If it was an economy, cyber crime would be the third-largest economy in the world, and it’s more profitable than the global drug trade.

“Cybercrime now costs global economies more than all the natural disasters in a year,” said Ryan. 

Hackers, he said, look like normal people. They’re highly skilled, educated and often disenfranchised. The number of teenage hackers has doubled in the past year. And it’s not as difficult to get into hacking as you might think! Most are employed in IT-related fields and do hacking as a side hustle. 

He spoke on why people become hackers, shared some hacker insights, unpacked the concepts of extortion, business email compromises – including whaling, smishing, spoofing and phishing – ransomware losses, write-once read-many (worm) and disconnected backups, reputational issues, multiple ransom demands, typical costs of an incident. He concluded by highlighting current and future potential risks, such as the use of generative AI to craft cyberattacks.

“It’s early days in technology,” he said. “It will evolve very, very rapidly. But you can already see how it is starting to become dangerous.”

If you would like to watch the full recording of this InsureTalk session, click on the video below. Remember to let Llewellyn know you’re watching so he can arrange for you to get your CPD hours. 

And don’t forget to register for InsureTalk Live on 26 October!