South African organisations are rapidly adopting cyber insurance coverage, according to a research report released today by global cybersecurity solutions provider Sophos.
The research, which surveyed 311 IT and cybersecurity professionals in South Africa whose organisations have some form of cyber coverage, identified a shift towards enhancing cyber defences as a key to optimising insurance outcomes.
“Cyber insurance is no longer just an optional extra; it’s a critical component of comprehensive risk management strategies, providing a financial safety net and helping to mitigate the impacts of cyber incidents,” says Pieter Nel, Sophos regional head for the SADC region.
“Our findings show a strong correlation between the quality of organisations’ cyber defences and their ability to secure favourable insurance terms. A significant 98% of respondents improved their cyber defences to better their insurance positions, with 74% achieving coverage they wouldn’t have otherwise obtained.”
The study, conducted in January and February 2024, reveals that 53% of organisations were driven to adopt cyber insurance due to their understanding of the business impacts of cybercrime. Additionally, 45% sought coverage following direct experiences with cyberattacks, underlining the persistent threats that businesses encounter.
Key findings include:
- 72% of organisations made major investments in cyber defences to optimise their insurance standing.
- 74% claimed these investments enabled them to secure coverage.
- 68% reported obtaining more cost-effective coverage due to their enhanced defences.
- 45% achieved better policy terms, such as improved coverage limits and conditions.
All respondents whose organisation had made a claim on their policy said the insurer had contributed to costs, with 59% of the total incident bill covered, on average. Illustrating that coverage levels are not keeping pace with the increase in remediation costs, the most common reason cited for the insurer not covering the full bill is that total costs exceeded the policy limit.
“The evolution of the cyber insurance market and the growing sophistication of cyber threats necessitate a robust and proactive approach,” says Nel. “Organisations must view cyber insurance as a part of a broader cyber resilience strategy, not only for financial protection but as an incentive to maintain and improve cyber defences.”