The numbers are sobering. In 2025, the average cost of a data breach for South African organisations was R44.1 million. Yet, despite 81% of business leaders expressing concern about their exposure to cyber risk, only 26% have added a cybercrime supplement to their cover, and just 52% have standalone cyber insurance.
This gap between knowledge and protection reveals a bigger truth: business risks have shifted, and traditional insurance hasn’t always kept pace.
The Great Risk Revolution
The assets that matter most today aren’t bricks, fleets, or factory floors. They’re customer data sitting in the cloud, systems that can be compromised by a single misplaced email, or compliance fines triggered by rules you didn’t even know applied.
South African companies now face an average of 1,450 cyberattacks per week — up 4% year on year. Over 70% of SMEs reported at least one attempted cyberattack in 2024. And still, over 70% of local businesses have little or no cybersecurity awareness. Human error remains the system’s greatest vulnerability.
This is not the old insurance playbook. Risks now live in code, people, and processes, demanding protection designed for a digital economy.
Lessons from the Courts
Recent South African court cases have brought the danger into sharp focus.
In Hartog v. Daly, a conveyancing attorney was held liable for R1.4 million after fraudsters intercepted and diverted property sale proceeds through manipulated emails. Following “normal” email protocol was no longer enough.
In another case, Edward Nathan Sonnenbergs v. Hawarden, the High Court initially ordered a law firm to pay R5.5 million after a business email compromise scam. Although the order was later overturned on appeal, it highlighted just how financially exposed professional firms are to digital risk.
These aren’t rare exceptions. In December 2024, the Information Regulator fined the Department of Justice R5 million for failing to maintain basic cybersecurity, and the Department of Basic Education received a similar penalty.
The verdict? Courts and regulators alike are signalling that digital negligence is no longer acceptable.
The Cascade Effect
The tricky part about modern risks is how quickly they multiply. Imagine a law firm’s email system is hacked. Clients get fraudulent payment instructions. What follows? Professional indemnity claims. Cyber breach costs. Client compensation. Regulatory fines under POPIA. Reputational damage.
Traditional insurance may cover one or two of these. The rest? Straight onto your balance sheet.
This cascade effect is exactly why cyber protection can’t be treated as a “nice to have.” One incident can spill into multiple categories of loss — and if your cover isn’t comprehensive, you’re left patching holes at your own expense.
The SME Vulnerability
Small and medium-sized companies are in a particularly tough spot. They face the sharpest edge of today’s risks but are often the least prepared. One in three South African SMEs has already been targeted by a cyberattack, yet just 17% have cyber insurance.
Globally, 43% of cyberattacks hit small firms, with human error present in 74% of breaches. Locally, 40% of SMEs rely on free antivirus software, while 27% don’t back up their data at all.
It’s a dangerous mismatch: the businesses with the most to lose are often those with the weakest shields. And when attacks hit, the costs are not just financial — operations are disrupted, trust erodes, and reputations take years to rebuild.
The Modern Solution
That’s why insurers with vision are rethinking protection. At Bryte, we partner with Phishield to offer Cyber Protect — a cover designed for South African businesses navigating this digital era.
Cyber Protect provides lifecycle support: prevention, response, and recovery. It covers data loss, business interruption, liability, and even includes Funds Protect — protection for fraudulent payments or EFT redirection. This is the risk at play in cases like Hartog v. Daly.
The product is also offered as a standalone cover for companies that want targeted protection without a comprehensive package. Easy, accessible, and affordable — especially for SMEs that historically thought cyber insurance was a luxury product.
In other words, protection shouldn’t be out of reach. It should be part of how every business, big or small, builds resilience.
Building Modern Protection
True security in 2025 requires three components:
- Prevention: building systems, processes, and cultures that reduce risk — from how data is managed to how staff use email.
- Detection: monitoring systems that catch a problem early, from cybersecurity tools to compliance oversight.
- Protection: insurance that matches real-world risks — cyber liability, professional indemnity, crisis management, and more.
Insurance is no longer just about replacing what you’ve lost. It’s about enabling resilience in the face of fast-changing threats. And in a world where one wrong click can cost millions, resilience is priceless.
The Path Forward
The good news? Once you acknowledge modern risks, it becomes possible to prepare for them. Start by asking:
- When last did we audit our exposures against the cover we have?
- How has our business model changed since we last bought insurance?
- Are we fully aligned with POPIA and other regulatory demands?
The businesses thriving in this new environment aren’t those with the biggest insurance budgets. They’re the ones with the smartest risk intelligence.
At Bryte, we believe resilience isn’t about waiting for disaster — it’s about building smarter defences today. Speak to your broker, or connect with us directly, to explore how Cyber Protect can keep your business moving forward.
This article is for educational purposes and is based on publicly available information about South Africa’s network transition and general insurance requirements. For advice specific to your policy, please consult your broker or insurance provider.