Aon South Africa, released its 2023 Cyber Risk Survey for South Africa earlier this week providing insights on current trends in cyber risk governance practices being deployed by South African companies in various market segments.
“The survey offers commentary on the future direction of cybersecurity, given the rapidly evolving manner of the risk, its solutions and legislative policies, to provide forward-looking guidance to businesses from a South African perspective,” says Zamani Ngidi, Cyber Solutions Senior Client Manager and co-author of Aon’s 2023 Cyber Risk Survey.
The Survey Found That:

22% of respondents suffered a cyber incident in the past five years.
Furthermore, 67% of participants deploy a cyber risk management tool.
Only 50% of respondents have a board-level cyber champion.
72% of participants purchase cyber insurance.

One of the key findings of Aon’s 2023 Cyber Risk Survey is that companies are more likely to ‘beef up’ their cybersecurity following a cyber incident. “We question whether companies that have suffered a cyber-attack would have better cyber risk management practices in place, than those who did not suffer an attack.
The findings in the survey show that of the 22% of respondents that have suffered a cyber attack, all subsequently have the full stack of cyber-related covers and tools in place as opposed to their counterparts, with less than 50% uptake on mitigation controls,” says Zamani.
Companies Avoiding High Costs of Proactive Risk Management
The survey also found that only 43% of South African companies with revenue of less than R100m deploy a cyber risk management tool, as opposed to 80% of companies with revenue of over R100m.
“It points to two possible scenarios, where smaller companies are finding the cost of proactive risk management too high, or it could point to a perception that the risk is only reserved for companies with a higher revenue bracket,” Zamani explains.
“In light of these findings, the survey unpacks the different types of covers and tools that a South African business should consider, exploring the interconnected nature of cyber risk and its impact on a business, no matter the size or revenue,” Zamani adds.