Recent cyberattacks on major airlines, mining companies, and government departments have exposed just how vulnerable even South Africa’s most established institutions are and reinforces the reality that cybercrime is no longer simply a hypothetical risk.
Encouragingly, South Africans are taking notice, writes Manisha Chiman, executive head: Santam Specialist Solutions.
According to the latest Santam Insurance Barometer, 81% of consumers reported being concerned or very concerned about future cyberthreats. Among commercial respondents, 80% said they had already taken steps to improve their cyber defences.
This widespread awareness, however, has not yet translated into action on the insurance front with only 2% of surveyed consumers and 17% of businesses having purchased cyber insurance. The gap between concern and cover is significant, particularly as cyber risk becomes more sophisticated and financially damaging.
Part of the hesitation lies in how cyber risk is approached. Too often, it’s seen as a purely technical problem requiring purely technical solutions. While security measures like firewalls and encryption are essential, they cannot eliminate the risk of a cyberattack altogether. Phishing emails, insider threats and human error still lead to breaches – even with strong controls in place. And when they do, the financial, operational and reputational fallout can be severe. After all, technical defences won’t help recover lost data or pay the cost of a ransom.
That’s where cyber insurance comes in.
Cyber insurance provides cover against cybercrime, cyber incidents, cyber extortion or data breach risk. A well-structured policy is about more than just claims pay-outs. It can provide access to expert support in the hours and days after an attack including forensic investigators, legal advisors, and breach recovery specialists. At Santam, for example, we’ve built value-added services into our cyber offerings, such as dark web monitoring tools for small and medium-sized enterprises (SMEs) and cyber awareness training for employees.
Our survey results also suggest a general misunderstanding of what cyber insurance is, how it works, and what it covers. Many SMEs, for example, believe they are unlikely targets. Others assume cyber cover is too expensive or complicated for their specific needs. Both assumptions are misguided and, while cost can be a barrier, the financial consequences of a serious cyber event – from ransomware to data theft – can far exceed the price of protection.
This points to a clear need for better education across the market. Brokers play a critical role here – not only in helping clients understand their exposure, but also in explaining the purpose and benefits of cyber cover in plain terms. The more clarity we can bring to this space, the more confident businesses and individuals will feel about adopting insurance as part of their cyber resilience strategy.
The good news is that the picture is starting to shift. Between 2022 and 2024, Santam has seen a sharp increase in demand for cyber insurance, albeit off a low base. Encouragingly, the latest Sophos Cyber Insurance and Cyber Defences report shows that over half (52%) of the South African companies surveyed have a dedicated cyber insurance policy. But that still leaves a significant portion of the market exposed.
As South Africa’s risk landscape evolves, we’re committed to developing solutions that match the scale and complexity of these emerging threats. This means building affordable, accessible cyber products for both consumers and businesses. Just as importantly, we must demystify cyber insurance and help our clients see it for what it is: a vital tool for resilience, not just a cost line on the balance sheet.
Risk mitigation through proactive attitudes toward cyber awareness is essential. In a country ranked among the most targeted in the world for cyberattacks, risk transfer through insurance must form part of business strategy.