From cloud computing to accommodate remote and hybrid working, to the adoption of more software solutions and IoT systems and devices intended to streamline business operations, digitisation is an established reality that businesses cannot do without. And as businesses increasingly rely on technology in their day-to-day operations, cybersecurity has naturally become a topic of concern.

According to a 2024 Cisco survey on cybersecurity readiness among over 8,000 business and cybersecurity leaders across 30 global markets including South Africa, 95% of companies failed to rank as ‘mature’ in cyber threat readiness. This means that they are essentially ill-prepared to withstand the impact of modern cybersecurity risks.

That being said, the survey also reveals that companies are aware of the threat landscape and even expect to fall victim to cybercrime in the near future, with only 31% of companies feeling “very confident” in their current infrastructure’s ability to defend against a cyber-attack.

Why are businesses leaving cyber security to chance?

While larger enterprises often have dedicated IT teams to monitor systems, software platforms and devices to ensure a business’s protection, small-to-medium-sized businesses may struggle to achieve the same. Leaning on insurers for support is one important avenue that businesses of any scale may find beneficial.

Limited budgets, a shortage of skilled cybersecurity professionals and outdated or complex IT infrastructure are also key barriers preventing companies from establishing more robust cyber protection measures and embracing cyber insurance.

“When weighing the cost of cyber insurance, it is essential for businesses to consider the potential consequences of a breach,” says Alain Nathan, divisional executive for consumer and commercial at GIB, adding that the impact of a cyberattack could be so severe that it may lead to the closure of the business.

“Clients need to think broadly about how much they are willing to invest in managing cyber risk. With legislation such as POPIA in place, the financial penalties for non-compliance can be devastating.”

What can businesses do to mitigate this emerging risk?

Mark Sanders, chief operating officer at GIB, adds that insurers are partnering with third-party experts to provide clients with real-time cyber risk reports.

“These value-added services help clients better manage risks, while also reducing the insurer’s overall exposure. In addition, many insurers now offer employee training to mitigate the human element of cyber risk, such as phishing scams,” Sanders notes.

While cyber insurance is still an evolving area in South Africa from a regulatory and policy perspective, many local insurance providers do offer cyber-risk-specific products to assist and support businesses in protecting against cyber threats.

Penetration testing and security audits are often offered as part of the underwriting process. These help identify potential weak points in a business’s cyber infrastructure, giving the business a clear roadmap to reduce exposure.

However, given the expanding cyber threat landscape for South African businesses, both Nathan and Sanders have observed a growing shift among businesses towards embracing cyber insurance.

“The ‘it won’t happen to us’ mentality is fading. More clients are recognising the importance of protecting themselves from the very real and immediate threat of cyberattacks,” says Sanders.

In an age where no business is safe from cyber threats, taking a more robust approach to protecting against digital risk from an insurance perspective is vital, and plays a pivotal role in recovery and risk mitigation. With cyberattacks becoming more frequent and sophisticated, having the right protection is no longer optional, but essential.