MegaBanner-Right

MegaBanner-Left

LeaderBoad-Right

LeaderBoard-Left

Home » Industry News » Business Advisory & Financial Services News » The risk of third-party cyber breaches underscores the importance of cyber insurance cover 

The risk of third-party cyber breaches underscores the importance of cyber insurance cover 

In today’s interconnected digital landscape, businesses in South Africa face significant risks from third-party data breaches. When an external partner or service provider suffers a breach, the repercussions can ripple across the entire business ecosystem. 

Fisokuhle Nkosi, Head: Professional Indemnity at iTOO Special Risks.

These breaches not only compromise sensitive information but also erode trust and expose companies to legal and financial liabilities. The impact on customers can be profound, leading to identity theft, financial loss and a sense of insecurity,” says Fisokuhle Nkosi, Head: Professional Indemnity at iTOO Special Risks. 

“As cyber threats evolve, businesses must prioritise robust data protection measures and cultivate resilient relationships with their third-party partners to safeguard their operations and customer trust.” 

She explains that for big corporates to engage with third-party suppliers or service providers, these third parties must have cyber coverage and professional indemnity insurance. Cyber coverage ensures that the third party can manage and mitigate the financial impact of a data breach, demonstrating robust risk management practices. 

“Professional indemnity insurance protects against claims of negligence and errors or omissions, providing financial security and maintaining trust. These insurance policies are often prerequisites, ensuring that both parties are safeguarded against potential risks and liabilities,” she says. 

Earlier this year, a major South African pharmaceutical retail chain avoided a potential fine of up to R10 million for not taking the necessary steps and measures to secure its customers’ private data. About 3.6 million data subjects’ records were accessed from the retailer’s e-statement service database, which was managed by a third party. 

The Information Regulator subsequently found that the pharmacy chain had complied with an enforcement notice issued against it in September 2023, which demanded the company take certain steps to address its failure to protect customers’ data or face an administrative fine of up to R10 million. 

Following an investigation into the attack, the regulator determined that the retailer had – among others – failed to “enter into an operator agreement with [the third party] and ensure it had adequate security measures to secure personal information in its possession”. 

Ryan van de Coolwijk, Business Unit Head: Cyber, collectables, aviation, drones and digital distribution at iTOO.

“Cases like this serve as a stark reminder that third-party service providers can be held liable for cyberattacks that affect their clients’ data in South Africa. In other words, third-party service providers can face legal claims and financial penalties if they fail to protect client data adequately,” says Ryan van de Coolwijk, Business Unit Head: Cyber, collectables, aviation, drones and digital distribution at iTOO.  

“This underscores the importance of robust cybersecurity measures and comprehensive cyber liability insurance for third-party service providers.” 

He also notes that this demonstrates how crucial it is for third-party service providers to have robust cybersecurity systems and expertise to protect their clients’ data. A breach can lead to significant financial and reputational damage for both parties. 

“However, many Small and Medium Enterprises (SMEs) in South Africa struggle to afford state-of-the-art security solutions due to limited budgets. They often prioritise other aspects of their business over cybersecurity, leaving them vulnerable to cyber threats. Affordable solutions like basic cyber hygiene practices, employee training and managed detection and response services can help bridge this gap,” says van de Coolwijk. 

“It is crucial for companies that share data with third parties to ensure those third parties have adequate cyber and data protection coverage. If something goes wrong, the company wants to know they are protected. This coverage does come at a cost, but it is an important risk mitigation measure.” 

He notes that there has recently been a noticeable rise in incidents, leading companies to require their suppliers and third-party providers to have proper cyber coverage before doing business with them. 

“Smaller companies may overlook the need for sophisticated security measures and cyber coverage, thinking they are not a target. However, they are just as vulnerable and need to prioritise these protections, especially when sharing data with third parties,” he says. 

“The key is balancing the cost of coverage with the potential risks and liabilities that can arise from data breaches or cyber incidents involving third-party providers. Acquiring a baseline level of cyber coverage helps to protect the company’s interests.” 

To enquire about Cape Business News' digital marketing options please contact sales@cbn.co.za

Related articles

Canadian group, Africa Energy Corp to be become the “operator” of Block 11B/12B gasfields

AFRICA Energy Corp says that its investment in Main Street 1549 Pty Ltd. (“Main Street”), has formally become the operator of Block 11B/12B offshore...

SANPC CEO Godfrey Moagi outlines vision for South Africa’s energy future

AT the opening of Africa Energy Week (AEW) 2024, Godfrey Moagi, CEO of the South African National Petroleum Company (SANPC), presented an inspiring vision...

MUST READ

Rhenus Group’s R440-million new Joburg warehouse is water independent

By Larry Claasen LOGISTICS firm Rhenus Group’s move to a R440-milion state-of-the-art facility in Johannesburg will see it become independent from municipal water. Its new 28...

RECOMMENDED

Cape Business News
Follow us on Social Media