South African companies have suffered several cybercrime incidents over the past few years, yet local businesses are still reluctant to insure against this risk.

Roy Wright believes there are two primary reasons for this: “Many businesses are aware of cybercrime, but they – especially small and medium enterprises (SMEs) – erroneously believe their organisations will not be targeted. There is a perception that this risk is more prominent in large businesses or those operating within developed markets, while other companies tend to believe their IT security systems are sufficiently robust to either prevent or recover easily from an attack, and therefore do not see the need for specific cyberinsurance,” he says.

“Both these arguments are flawed, especially when one considers the number of cybercrime incidents that have occurred in South Africa recently.”

During October 2017, it emerged that more than half of the population’s identity numbers had been leaked in South Africa’s worst data breach recorded. This was discovered by Troy Hunt, an Australian internet security expert, and was the biggest national breach to date, affecting some 30 million South Africans. Earlier in the year, several international organisations – including the National Health Service in the UK as well as several South African firms – had fallen victim to a global ransomware attack, also compromising millions of people’s sensitive personal information.