What's Happening?

Facebook Twitter Youtube Linkedin

NEED HELP? QUESTIONS@FIA.ORG.ZA

become A FIA member TODAY
member login

Digital Fortress

ARTICLE BY

  • Spiros Fatouros
  • CEO
  • Marsh McLennan, Africa and South Africa

SHARE THIS POST

Once a luxury, cyber insurance has now become an imperative. With attacks on the rise around the globe, businesses must be sure they have sufficient coverage and that it’s tailored to their needs.

When, not if. That’s how businesses in today’s world need to think about cybersecurity. After all, there are nearly 11 attacks a second globally (according to the Identity Theft Resource Center’s Annual Data Breach Report), with a recent survey by the Council for Scientific and Industrial Research (CSIR) showing that 88% of South African organisations experienced at least one cyber attack in 2023. Some 47%, meanwhile, reported that they’d experienced between one and five attacks in that time.

Successful attacks resulting in data breaches are expensive too. According to the most recent Cost of a Data Breach Report from IBM, the average data breach now costs South African companies US$ 2.78 million. As well as the cost of getting back to business and potential penalties from the information regulator, data breaches and cyber attacks can lead to long-term declines in customer trust and confidence.

Apart from other notable cyber attacks, The Interpol African Cyber Threat Assessment Report 2024, advised that the frequency of ransomware attacks was on the rise, whereby 300 cases of ransomware attempts were detected during a single week in February 2023.

A mature and resilient cyber posture is key from an operational perspective. Additionally, a cyber insurance policy that can effectively respond is more important than ever. Once seen as a luxury, it’s fast become an imperative that no company can afford to be without. But what should organisations look for in an insurance product and how can they ensure that what their insurer offers is effective?

Massive underinsurance

Before answering those questions, it’s worth providing a little more context around how big an issue cybercrime is in today’s business environment, affecting individuals, businesses, and economies. According to Cybersecurity Ventures, the global cost of cybercrime is projected to increase to nearly US$ 24 trillion by 2027, up from US$ 8.5 trillion in 2022.

Large-scale cyber events present substantial risks to the global economy. According to the World Economic Forum’s Global Risks Report 2024, nearly 40% of experts surveyed consider cyber attacks to be a paramount risk with the potential to trigger a material crisis in the near future. While many large businesses have the cyber insurance necessary to recover from an attack, far too many small and medium enterprises (SMEs) are either uninsured or underinsured and face debilitating financial risks should they be hit by an IT outage.

While figures from Sage suggest that around 64% of South African SMEs have cyber insurance, that still leaves a sizable number of businesses that don’t. If we take the OECD’s 2022 estimate of there being 2.6 million SMEs in South Africa as accurate, we’re looking at around 936 000 SMEs without cyber insurance. And that’s to say nothing of those businesses that have insurance but don’t have comprehensive enough products protecting them.

That lack of insurance can have significant impacts in the long term. Even when SMEs survive major cyber attacks, their ability to innovate and take risks might suffer as a result. And taking risks is vital to growing businesses and the economy.

The right insurer matters

A good insurer will ensure that companies feel protected and capable of taking the kind of risks required to foster innovation and growth. More importantly, perhaps, they’ll take the individual considerations of the business into consideration.

From there, the insurer should be able to tailor a policy to the business and its needs. At the very least, however, it should include third-party liability for privacy and data breaches, media liability claims, regulatory fines and penalties, and first-party losses like business interruption and cyber extortion.

When it comes to preventing financial losses, meanwhile, businesses should have the option of covering a range of risks, including financial losses, business interruption costs, recovery expenses, and other expenses like regulatory investigation coverage, crisis management expenses and third-party legal liability coverage.

Finding an insurer that offers all of those things and has a strong track record of paying out valid claims will help ensure that businesses of all sizes are properly protected in the event of a cyber attack. Given the prevalence of cyber attacks in South Africa and around the globe, that should be a priority for any business leader.

Adapting to a changed world

Ultimately, it’s important for businesses to recognise that the environments they operate in are constantly changing. Few areas of concern for businesses change faster or more dramatically than cybersecurity. The rapid advances made thanks to automation and artificial intelligence mean that everyone is now a target. As such, businesses cannot afford to see cyber insurance as anything other than a requirement for their ability to operate effectively.  

Subscriber Terms and Conditions

  1. APPLICATION OF TERMS
    • These terms and conditions (“Subscriber Terms”) apply to the subscription by any qualifying member of the South African Underwriting Managers Association NPC (“SAUMA”) to the services and benefits offered by FIA Services (Pty) Ltd (“FIA Services”) under the SAUMA affiliation arrangement (“Subscription”).

  2. NATURE OF SUBSCRIPTION
    • A Subscription under this arrangement:
      • does not constitute membership of FIA NPC;
      • does not confer any voting rights or governance participation in FIA NPC; and
      • is governed solely by the contractual relationship between the Subscriber and FIA Services.

  1. ELIGIBILITY
    • To qualify for the Subscription, the applicant must, at the time of application, be a current paid-up member of SAUMA.
    • FIA Services will verify the applicant’s SAUMA membership status with SAUMA prior to activation, and may re-verify such status periodically.
    • If a Subscriber ceases to be a paid-up member of SAUMA, the Subscription will correspondingly be terminated.
    • Applicants are required to authorise FIA Services to confirm their SAUMA membership status with SAUMA as part of the application process.

  1. SERVICES
    • The Subscription entitles the Subscriber to the following benefits:
      • Complimentary access to the FIA CPD Platform;
      • Complimentary access to the FIA Insight Magazine (digital edition);
      • Advertising opportunities on FIA platforms at a discounted rate of 15% (fifteen percent) off the prevailing published rates; and
      • Invitations to attend FIA Technical Webinars annually.
    • FIA Services reserves the right to update, vary or substitute the Services from time to time, provided that the overall value and nature of the benefits remain materially the same.

  1. FEES AND PAYMENT
    • The monthly subscription fee is R260.00 (two hundred and sixty rand) for up to seven registered individuals (Key Individuals and Representatives), and R36.00 (thirty-six rand) per additional registered individual thereafter, excluding VAT.
    • The Subscriber shall provide FIA Services with the required details of each individual to be registered under the Subscription for the purposes of activation and billing.
    • All fees are exclusive of VAT, which shall be charged at the prevailing statutory rate.
    • Subscription fees are reviewed annually in March and may be adjusted with effect from 1 April.
    • Any changes to the Subscription, including but not limited to the number of Representatives and Key Individuals registered under the Subscription, may only be effected once annually during the annual review period in March of each year, with such changes taking effect from 1 April.
    • Subscription fees shall be billed monthly in arrears, unless the Subscriber elects an annual billing cycle at the time of application.
    • The Subscriber shall ensure that all billing information (including contact details, authorised signatories and bank account details) is kept accurate and up to date.
    • Non-payment of subscription fees may result in suspension of access to the Services until such fees are brought up to date.
    • The Subscriber acknowledges and agrees that all subscription fees payable under these Subscriber Terms may be collected by way of debit order, which shall be processed by the holding company, FIA NPC (The Financial Intermediary Association of South Africa), on behalf of FIA Services. Payment to FIA NPC shall be deemed to constitute valid and sufficient discharge of the Subscriber’s payment obligations to FIA Services under these Subscriber Terms.

  1. ONBOARDING
    • Onboarding will be conducted as a Subscription with FIA Services under the SAUMA affiliation arrangement.
    • Onboarding will not confer FIA NPC membership status or any associated rights.
    • Onboarding is conditional on confirmation of the Subscriber’s current SAUMA membership at the time of application

  1. DATA PROTECTION
    • FIA Services will process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) as set out in our POPIA policies.
    • By subscribing, the Subscriber authorises FIA Services to confirm their SAUMA membership status with SAUMA and to process personal information for the purposes of fulfilling the Subscription.

  1. TERMINATION
    • The Subscriber may terminate the Subscription by giving FIA Services one calendar month’s written notice.
    • FIA Services may terminate the Subscription on one calendar month’s written notice, or immediately if the Subscriber breaches these Subscriber Terms and fails to remedy such breach within 14 (fourteen) days of receiving written notice.
    • Termination of the SAUMA–FIA Services affiliation agreement shall not automatically terminate these Subscriber Terms.
    • Termination by the Subscriber shall not relieve the Subscriber of liability for any subscription fees accrued up to the effective date of termination.
    • FIA Services may suspend or terminate the Subscription with immediate effect in the event of non-payment of fees by the Subscriber.

  1. GENERAL
    • These Subscriber Terms are governed by the laws of the Republic of South Africa.
    • Any disputes arising under these Subscriber Terms shall be dealt with in accordance with the dispute resolution provisions contained in the FIA NPC membership terms and conditions, as modified to reflect that the contractual relationship is with FIA Services.
    • Any notices required under these Subscriber Terms may be validly delivered by email to the addresses provided in the Subscriber’s application form, and such notices shall be deemed received on the day of transmission if sent during business hours.
    • The Subscriber may not assign, cede or transfer any of its rights or obligations under these Subscriber Terms without the prior written consent of FIA Services.
    • No variation of these Subscriber Terms shall be of any force or effect unless reduced to writing and signed by both FIA Services and the Subscriber.