Brokers must lead the charge

21 August 2025 | Non-life | General | Gareth Stokes

Brokers and corporate risk managers are increasingly finding themselves at the frontline of the battle against evolving cyber threats. These risk professionals, aided by insurers and reinsurers, are being challenged to find innovative ways to mitigate against and transfer the potential losses attaching to one of the most misunderstood exposures facing 21st Century businesses.

Cyberattack affects shareholder value

Aon’s 2025 Global Cyber Risk Report sheds fresh light on the shape and scope of today’s cyber threat landscape, warning that reputational damage stemming from cyber events has contributed to an average 27% loss in shareholder value. This headline figure is based on Aon’s analysis of more than 1400 cyber events during 2024. The report notes that while most incidents fade quickly from public view, a handful erupt into full-blown reputational risk events, attracting sustained media scrutiny and triggering significant share price falls. 

“Cyber risk is no longer just a technology issue, it is a boardroom issue,” said Brent Rieth, Global Cyber Leader at Aon in a media release accompanying the report launch. “Our latest research underscores the importance of proactive risk mitigation, [finding that] organisations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event.” The report found that malware and ransomware attacks accounted for 60% of all reputation risk events despite making up only 45% of total cyber incidents. 

Frequency up, but severity wanes

Reputation-related value erosion is just one dimension of an increasingly active cyber threat environment. According to Aon’s proprietary Cyber Quotient Evaluation (CyQu) tool, ransomware incidents surged by 24% globally in 2024. As the scale and frequency of attacks increase, there are signs that improved controls and incident response planning are starting to pay off. As proof, the average ransomware payment fell by 77% and the ratio of payment to demand declined to just 28%, from 41% in 2023.

South African insurance professionals will no doubt turn to the report’s coverage of the EMEA region titled ‘Riding the wave: EMEA approaches cyber maturity’. Although an interesting read, your writer found it hard to match the report findings to the regions and wondered to what extent the somewhat Eurocentric findings applied to South Africa specifically, and the broader African marketplace in general. 

In this chapter, the leading global professional services firm noted that cyber maturity improved measurably across the region in 2024, with organisations making headway in access management, endpoint protection and network controls. Sadly, this improvement was uneven, and businesses continued to lag in crucial areas like third-party risk and business resilience. “Resiliency is tantamount to an organisation’s ability to recover from a cyber incident, and it is essential to have a risk management and insurance solution in place that is built for purpose,” commented Aon South Africa spokesperson, Zamani Ngidi, in the aforementioned presser. 

Pay attention to the basics

These weak spots are of particular concern in emerging markets due to high supply chain interdependence and limited contingency planning. Aon’s EMEA data showed that contract management, supplier inventories and third-party due diligence remain underdeveloped across the region, with average scores barely above the ‘basic’ risk maturity threshold. Even commonsense protections such as backups, incident response and disaster recovery plans were flagged as areas requiring urgent improvement. 

In 2024, Europe experienced multiple systemic-type cyber events including a ransomware attack on a UK pathology services provider that disrupted National Health Service (NHS) operations, and the massive CrowdStrike software update failure, which took down more than 8.5 million systems globally. South Africa was not spared. In one notable incident, mobile operator Cell C confirmed a data breach in December 2024 during which Ransom House hackers leaked 2 terabytes of sensitive customer data on the dark web. 

The Cell C breach and other high-profile cyberattacks confirm that cyber threats have become embedded in the regional landscape, mirroring global patterns. It is also worth noting that vulnerabilities in one jurisdiction quickly transmit across borders and sectors thanks to the widespread adoption of digital technologies. Brokers and corporate risk managers can help businesses build cyber resilience into their operations by promoting an understanding of cyber exposure pathways and strengthening defences against cyberattack. 

Adding NIS2 and DORA to your regulation radar

Regulators have been swift to act in some countries, and slower elsewhere. Businesses across the European Union (EU) have seen the aggressive roll out of cyber frameworks such as the expanded Network and Information Systems Directive (NIS2) and the Digital Operational Resilience Act (DORA), which set stricter rules for digital and financial services resilience. These laws are shaping global expectations around cyber governance. 

South Africa has been progressive in examining the impact of emerging technologies on its financial system, having established the Intergovernmental Fintech Working Group (IFWG) in 2016. The IFWG facilitates coordinated responses across key regulators, including the Financial Sector Conduct Authority and Prudential Authority. While not directly attributed to the IFWG, the release of ‘Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience’, effective from 1 June 2025, reflects the country’s broader commitment to enhancing cyber readiness in financial services. 

The Aon report raised concerns that firms either underinvest in cyber readiness or invest without a clear understanding of what true cyber resilience entails. “Organisations are grappling to understand the level of cyber risk their business is faced with at executive committee and board level,” said Ngidi. “As the threat landscape diversifies with new and developing technology, clients need to continuously invest in information security to counter these efforts…” 

Time to check your cyber cover

One of the standout insights from the Aon report is that the cyber insurance market is more accessible than ever. Aon said that cyber premiums were in a downward trend, with US-based risks seeing a 7% drop in Q1 2025 alone. 

Intense competition driven by an influx of new capital and the entry of innovative market players offering bundled products that combine cyber cover with real-time threat monitoring, incident response and endpoint detection tools kept Europe-wide prices in check. “The time is ideal for businesses of all sizes to enter the cyber insurance market; this is of utmost importance for increasingly vulnerable middle market companies,” noted Rieth. The caveat is to understand the risk and match that risk with an insurance solution. 

According to Aon’s CyQu data, middle-market clients saw the highest year-on-year improvement in control maturity (11% in 2024), yet many remain without sufficient cyber cover. For example, more than half have never conducted a tabletop cyber exercise, and 45% conduct vulnerability scans that cover less than their full enterprise. The disconnect between cyber risk awareness and cyber insurance uptake also featured in the recently published Santam Insurance Barometer 2024-25. 

Santam said around 81% of consumer respondents were ‘concerned’ or ‘very concerned’ about future cyber threats, yet only 2% had purchased insurance cover. And while eight in 10 commercial respondents had put additional cyber risk protections in place at their businesses, only 17% bought cyber insurance. “This suggests a preference for risk mitigation over risk transfer in the complex cyber realm,” the insurer said. Overall, the cyber risk coverage gap, plus a softening of prices, could be a strategic opportunity for brokers to improve uptake.

Building cyber insurance knowledge

The Aon report expanded on this disconnect, saying that despite the growing awareness of cyber risk, there are persistent misunderstandings about what cyber insurance covers. This is alarming in the context of reputational damage, which is cited as one of the most financially devastating but least insurable consequences of a cyber incident. Cyber insurance supports forensic investigation, business interruption and recovery costs, but the damage due to brand impact is largely non-transferable.

Rieth captured the challenge in the media release, saying that “as cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions.” Brokers will play a big role in guiding clients’ responses to the challenge. 

Writer’s thoughts:

Despite rising awareness of cyber threats, many clients remain underinsured or unclear about the cover they need. Are brokers overlooking an opportunity in this under-served space? And is there more to the cyber insurance gap than meets the eye? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
