Cyber Threats: Awareness High, But Cover Still Low
Concern about cyber threats is widespread, yet this has not translated into sufficient insurance uptake.
The latest Santam Insurance Barometer shows that 81% of consumers are concerned about cyber risks, while 80% of businesses say they have strengthened their defences. But only 2% of consumers and 17% of businesses have purchased cyber insurance.
Manisha Chiman, the executive head of Santam Specialist Solutions, says the gap between awareness and cover is troubling, particularly because cyber risks are growing more sophisticated and financially damaging. Brokers, she argues, have a central role in bridging this gap by explaining exposures and the benefits of cover in straightforward terms.
“The more clarity we can bring to this space, the more confident businesses and individuals will feel about adopting insurance as part of their cyber resilience strategy,” Chiman says.
Growing threat landscape
South Africa’s cyber vulnerabilities are becoming increasingly clear as attacks on airlines, mining companies, and government departments escalate. “Cybercrime is no longer a hypothetical risk,” Chiman warns, noting that even the country’s most established institutions are being hit.
The African Defence Forum recently flagged rising attacks on government agencies. In January, the South African Weather Service was taken offline by a cyber breach that disabled its email, website, and aviation and marine forecasting systems. The disruption spread beyond South Africa, affecting Mozambique, Zambia, and other countries that rely on its forecasts.
Critical infrastructure has also been targeted. The National Health Laboratory Service was forced to halt blood testing, the Companies and Intellectual Property Commission was breached, and the Government Employees Pension Fund – Africa’s largest retirement fund – was hacked. On average, South African organisations and state agencies faced 1 450 cyberattacks a week in 2024.
Private companies are not immune. In May, The Record reported that a cyberattack on South African Airways disrupted its website, mobile app, and several internal systems. And in June, MyBroadband confirmed that mining company Eastern Platinum disclosed a breach that exposed internal files on the internet.
These attacks are part of a wider pattern: cyber incidents across Africa surged by 37% in 2024, according to Check Point Software Technologies, underscoring the continent’s growing vulnerability.
Why insurance matters
Despite this intensifying threat, cyber insurance remains underutilised. Chiman says hesitation often stems from the way risk is framed. “
Often, it is seen as a purely technical problem requiring purely technical solutions. Although security measures such as firewalls and encryption are essential, they cannot eliminate the risk of a cyberattack altogether.”
Breaches continue to occur through phishing emails, insider threats, or human error, and when they do, the consequences can be severe.
“Cyber insurance provides cover against cybercrime, cyber incidents, cyber extortion, or data breach risk. A well-structured policy is about more than just claims pay-outs. It can provide access to expert support in the hours and days after an attack, including forensic investigators, legal advisers, and breach recovery specialists.”
The Santam Insurance Barometer also highlights widespread misconceptions.
“Many SMEs, for example, believe they are unlikely targets. Others assume cyber cover is too expensive or complicated for their specific needs. Both assumptions are misguided, and while cost can be a barrier, the financial consequences of a serious cyber event – from ransomware to data theft – can far exceed the price of protection.”
Signs of progress
There are indications of a shift. Between 2022 and 2024, Santam recorded a marked increase in demand for cyber cover, although from a low base. The latest Sophos Cyber Insurance and Cyber Defences Report found that 52% of South African companies now have a dedicated cyber policy.
Still, a large portion of the market remains exposed.
“Risk mitigation through proactive attitudes towards cyber awareness is essential. In a country ranked among the most targeted in the world for cyberattacks, risk transfer through insurance must form part of business strategy,” Chiman says.
