News Release

September 16, 2016

Schools and Educational Institutions in the Sights of Cyber Criminals

Like any business, educational institutions are increasingly dependent on the internet and technology to conduct daily activities, from online learning and test platforms, to storing sensitive student and employee information. A data breach or cyber-attack can compromise this confidential information or even prevent access to vital online services, leading to reputational damage and loss of income, not to mention legal action, regulatory costs and the associated disruption to the institution.

During a recent cyber breach the University of Limpopo's website was taken down, leaking exam papers and the details of over 18 000 students, in addition to perpetrators publicly posting what was believed to be the login details for the University's intranet. From a general perspective, South Africa has been particularly hard hit by an onslaught of cyber-attacks during 2016 with a number of noteworthy targets in the name of Operation Africa (#OpAfrica) ranging from SABC and the SA Government Database, through to the Department of Water Affairs and the EFF.

Loss and harm caused by cyber incidents is not entirely new, but with the increasing reliance on technology, the risks and voracity of attacks are increasingly exponential. According to a recent study conducted by IBM, the 2016 cost of a data breach in South Africa equates to an average cost of R1 548 per lost or stolen record, with 37% of data breaches in South Africa involving malicious or criminal attacks.

"A breach in data puts a whole process in motion that can quickly turn into a very costly exercise," says Kerry Curtin, Manager for Financial Institutions & Professional Risks at Aon South Africa. "In certain instances an educational institution may need to appoint a forensic analyst to establish the origin of the breach and to prevent further damage."

"Depending on the type of breach, appropriate government or regulatory offices may need to be informed of the breach to anticipate possible legislative or regulatory fines. In addition, there are many jurisdictional acts and bills that affect the cyber realm in South Africa with the potential for grave financial implications from third party liability claims, stemming from the Consumer Protection Act or even the Protection of Personal Information (POPI) act, to name a few," Kerry explains.

"The nature of the breach will also need to be communicated to affected parties and the corresponding support will need to be put in place. This is especially critical in the event of sensitive information such as banking details or qualifications that are leaked, which lends itself to identity theft, fraud and the like. This is not even accounting for the public relations and crisis management that an educational institution will need to implement to manage its reputation and credibility in the marketplace, which comes at a significant cost," she adds.

While existing forms of insurance sometimes carry a level of coverage, only specialist cyber insurance policies provide extensive cover. "There is no one size fits all approach to cyber risk insurance. That's why consulting with a professional Aon risk advisor is an invaluable exercise in protecting your reputation, data, students, employees and bottom line," says Kerry.

Cyber insurance is a very complicated field that requires thorough interrogation to ensure that the risk profile of an educational institution is adequately covered. "Cyber risk products typically indemnify an educational institution from any losses it may suffer from cyber-attacks such as those incurred to investigate and manage a cyber incident. It also covers the costs incurred in responding to data privacy regulators in the form of fines and penalties, in addition to liability claims made by third parties," explains Kerry.

Aon's cyber risks diagnostic tool also greatly aids educational institutions to quantify its cyber insurance risk, and can be found here.

"The risk that a cyber breach holds is something that should never be under-estimated. Our professional and qualified brokers will help you navigate your way to the best insurance products that suit your educational institution's profile and its pocket," concludes Kerry.

Aon welcomes relevant dialogue and commentary on our thought leadership materials posted to our website. However, we reserve the right to delete any content that is harmful, obscene, or spam before it is published to the site.

If you elect to comment or engage with our content via third-party social media websites, you authorize Aon to have access to certain social media profile information. Please click here to learn more about information that may be collected when using these tools on

All Comments(570)

Open for comments. Sign in or create your Aon South Africa account to join the discussion.
Tom Hatcher 7 Jun 2014 14:58 Comments Policy
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed luctus nulla ac sem viverra, quis adipiscing lectus elementum. Fusce semper bibendum pellentesque.
Sandy Smith 25 May 2014 11:44 Comments Policy
Lorem ipsum dolor et al.
John Smith 12 May 2014 17:09 Comments Policy
Lorem ipsum dolor et al. Lorem ipsum dolor et al. Lorem ipsum dolor et al.
Show all comments...
Previous 1 2 3 4 5 Next

Quick Forms

Contact Me
Compliments & Complaints

Twitter Feed