South African companies have made a proactive shift towards enhancing cyber defences as a key to optimising insurance outcomes.

This is among the findings of a new Sophos study that highlights the increasing integration of cyber insurance into the risk management strategies of South African organisations.

The research surveyed 311 IT and cybersecurity professionals in South Africa whose organisations have some form of cyber coverage.

“Cyber insurance is no longer just an optional extra; it’s a critical component of comprehensive risk management strategies, providing a financial safety net and helping to mitigate the impacts of cyber incidents,” says Pieter Nel, regional head: SADC at Sophos.

“Our findings show a strong correlation between the quality of organisations’ cyber defences and their ability to secure favourable insurance terms. A significant 98% of respondents improved their cyber defences to better their insurance positions, with 74% achieving coverage they wouldn’t have otherwise obtained.”

The study, conducted in January and February 2024, reveals that 53% of organisations were driven to adopt cyber insurance due to their understanding of the business impacts of cybercrime. Additionally, 45% sought coverage following direct experiences with cyberattacks, underlining the persistent threats that businesses encounter.

Key findings of the study include:

* 72% of organisations made major investments in cyber defences to optimise their insurance standing.

* 74% claimed these investments enabled them to secure coverage.

* 68% reported obtaining more cost-effective coverage due to their enhanced defences.

* 45% achieved better policy terms, such as improved coverage limits and conditions.

In positive news, all respondents whose organisation had made a claim on their policy said the insurer had contributed to costs, with 59% of the total incident bill covered, on average. Illustrating that coverage levels are not keeping pace with the increase in remediation costs, the most common reason cited for the insurer not covering the full bill is that total costs exceeded the policy limit.

“The evolution of the cyber insurance market and the growing sophistication of cyber threats necessitate a robust and proactive approach. Organisations must view cyber insurance as a part of a broader cyber resilience strategy, not only for financial protection but as an incentive to maintain and improve cyber defenses,” Nel adds.

This strategic emphasis on cyber insurance is set to play a pivotal role in enabling South African businesses to navigate the complexities of the digital age, safeguarding their operations and fostering a resilient digital economy.