Why cybercrime cover is a need for SA SMEs

The cost of businesses not prioritising their cybersecurity in South Africa sat at R53.1 million in 2024, a 10% increase from 2023.

According to a recent article titled Unmasking cyber threats in Africa, local organisations are facing an average of 1 450 weekly attacks — a 4% year-on-year increase.

Thabo Twalo, chief underwriting officer at Santam Broker Solutions, says that despite these threats’ growing prevalence and cost, a recent Santam survey reveals that only 26% of commercial entities have cybercrime cover.

“This is particularly concerning as South Africa has been identified as a hotspot for crimes such as identity theft, data breaches, malware and phishing scams.”

Increase in cybercrime

Twalo says South African businesses of all sizes should use this opportunity to reassess their approaches to cyber risks.

“Although attacks on large corporations may make the headlines, it’s the frequent attacks on smaller businesses that are more concerning.”

The latest SHA Risk Review found that one in three small and medium enterprises (SMEs) had been the victim of a cyber-attack.

ALSO READ: 467k malicious files detected per day in 2024: How to protect yourself

Small businesses underestimate cybercrime

“Despite several recent high-profile cyber-attacks, research suggests that while cybercrime is recognised as a risk, local business owners underestimate the protection measures required, and most don’t have the necessary cover in place.”

The Santam survey shows that 44% of large commercial and 28% of large corporate respondents are leading the way in taking up cyber insurance.

However, among SMEs, there is still a strong perception that “it would never happen to them”.

Ransomware

Twalo adds that cybercrime invariably involves gaining illegal access to a computer or IT system to extract information or implant malware, which can disrupt a business in various ways.

“For example, cyber extortion is when malware known as ransomware is used to extort money from a company, threatening actions such as the destruction, theft or illegal distribution of data.”

SMEs are particularly vulnerable to cybercrime as they often lack adequate protection.

Twalo advises businesses to increase staff awareness of cybersecurity, reduce unnecessary information transfers, and avoid complacency in managing data.

ALSO READ: Data breaches cost SA organisations over R360m in 3 years

Work-from-home trend

He says that the work-from-home trend since the pandemic has compounded risks.

“Security measures could include providing work-issued computers to employees working remotely, ensuring they are used only for work-related tasks, and installing anti-malware protection to detect threats.

“Employees should be required to ensure routers have built-in firewalls and that they change passwords often.”

Twalo stresses that SMEs must ensure they have appropriate insurance to safeguard their businesses from this growing threat.

“All businesses have a responsibility to protect their interests and customers. When in doubt, consult a financial adviser to ensure your insurance policy covers all threats and is prepared to survive cybercrime.”

NOW READ: Here are your cybersecurity predictions for 2025