The ASISA-SAIA Cybersecurity Incident Response Team’s report for the last quarter of 2025 provides a cautiously reassuring snapshot of the financial sector, with the overall cyber threat level remaining “guarded”.
According to the South African Insurance Association, this reflects improved resilience rather than reduced risk, because cyber threats continue to evolve, becoming more targeted, more adaptive, and increasingly opportunistic, with phishing remaining the dominant attack vector.
Within this environment, insurance advisers and brokers may find themselves increasingly exposed. They manage and safeguard vast volumes of highly sensitive personal and financial information, including identity numbers, banking details, policy data, and confidential client records, placing them at the centre of a rapidly expanding digital risk landscape and making cybersecurity an unavoidable business imperative.
“Advisers and brokers are no longer a secondary target for cybercrime; they are now firmly in the crosshairs. From a cybercriminal’s perspective, advisory practices represent high-value data environments, which makes them particularly attractive targets,” says Xolile Mthembu, Old Mutual Insure’s head of IT governance, risk, compliance, and security.
The consequences of cyber incidents extend beyond technical disruption. A data breach can expose clients to financial harm, interrupt core business operations, and trigger regulatory obligations under the Protection of Personal Information Act, while placing significant strain on trust-based client relationships that form the foundation of the insurance profession.
“Cyber risk is often misunderstood as an IT issue, when in reality it is a business survival issue because it can shut down systems, halt service delivery, and cause reputational damage that can be extremely difficult to recover from. And, in my view, the most damaging loss is often the loss of client trust, which can be far more severe than the immediate financial cost,” Mthembu says.
POPIA has intensified the pressure on data-driven businesses. Organisations that experience data breaches are required to notify affected clients and relevant regulators, and this could increase regulatory scrutiny when operational capacity may already be compromised.
The 2025 Verizon Data Breach Investigations Report highlights that about 60% of data breaches involve a human element, indicating that human error and a lack of cybersecurity awareness are significant factors in these incidents.
“This statistic emphasizes the importance of cybersecurity training and measures to enhance security awareness amongst our employees, contractors, customers and including our brokers,” Mthembu says.
“POPIA has made it clear that protecting personal information is not optional. Advisers are accountable not only to their clients, but also to the regulator, and a cyber incident can escalate very quickly into a compliance and legal crisis if the business is not properly prepared,” she says.
Mthembu adds that despite this reality, cyber risk remains one of the least understood and most underinsured exposures within the financial services sector. Although preventative measures such as staff awareness, secure systems, and access controls are essential, they cannot eliminate risk entirely.
“No organisation is immune to cybercrime, regardless of size or sophistication of their controls. So, the real question is not whether an incident will occur, but rather how well a business is equipped to respond when it does,” Mthembu says.
This is where brokers must take proactive steps to ensure they are adequately protected if a cyber incident occurs, Mthembu says. Although strong preventative measures are essential, they need to be supported by appropriate detective and response capabilities that enable brokers to detect cyber-attacks timeously and respond and recover quickly with minimal impact to business operations or client data.
“Cyber resilience is about preparedness. It ensures that when an incident occurs, businesses are not left navigating a complex and high-pressure situation without a plan but can respond decisively, contain the damage, minimise disruption to operations, and recover as quickly as possible,” Mthembu says.




