As South Africa marks Data Privacy Day on 28 January, the latest ASISA–SAIA Cybersecurity Incident Response Team (CSIRT) Q4 2025 report offers a cautiously reassuring snapshot of the financial sector, with the overall cyber threat level remaining Guarded (Green).
According to the South African Insurance Association, this reflects improving resilience rather than reduced risk, as cyber threats continue to evolve beneath the surface, becoming more targeted, more adaptive, and increasingly opportunistic, with phishing remaining the dominant attack vector.
Within this environment, insurance advisers and brokers may find themselves increasingly exposed. They manage and safeguard vast volumes of highly sensitive personal and financial information, including identity numbers, banking details, policy data, and confidential client records, placing them at the centre of a rapidly expanding digital risk landscape and making cybersecurity an unavoidable business imperative.
“Advisers and brokers are no longer a secondary target for cybercrime; they are now firmly in the crosshairs. From a cybercriminal’s perspective, advisory practices represent high-value data environments, which makes them particularly attractive targets,” warns Xolile Mthembu, Head of IT Governance, Risk, Compliance & Security at Old Mutual Insure.
The consequences of cyber incidents extend far beyond technical disruption. A data breach can expose clients to financial harm, interrupt core business operations, and trigger regulatory obligations under the Protection of Personal Information Act (POPIA), all while placing significant strain on trust-based client relationships that form the foundation of the insurance profession.
“Cyber risk is often misunderstood as an IT issue, when in reality it is a business survival issue because it can shut down systems, halt service delivery, and cause reputational damage that can be extremely difficult to recover from. And, in my view, the most damaging loss is often the loss of client trust, which can be far more severe than the immediate financial cost,” Mthembu says.
POPIA has further intensified the pressure on data-driven businesses. Organisations that experience data breaches are required to notify affected clients and relevant regulators, and this could increase regulatory scrutiny at precisely the moment when operational capacity may already be compromised.
The 2025 Verizon Data Breach Investigations Report highlights that approximately 60% of data breaches involve a human element, indicating that human error and a lack of cybersecurity awareness are significant factors in these incidents. “This statistic emphasizes the importance of cybersecurity training and measures to enhance security awareness amongst our employees, contractors, customers and including our brokers,” Mthembu says.
“POPIA has made it clear that protecting personal information is not optional. Advisers are accountable not only to their clients, but also to the regulator, and a cyber incident can escalate very quickly into a compliance and legal crisis if the business is not properly prepared,” Mthembu warns further.
She adds that, despite this reality, cyber risk remains one of the least understood and most underinsured exposures within the financial services sector. “While preventative measures such as staff awareness, secure systems, and access controls are essential, they cannot eliminate risk entirely.”
“No organisation is immune to cybercrime, regardless of size or sophistication of their controls. So, the real question is not whether an incident will occur, but rather how well a business is equipped to respond when it does,” Mthembu says.
This is where brokers must take proactive steps to ensure they are adequately protected should a cyber incident occur, Mthembu says. “While strong preventative measures remain essential, they need to be supported by appropriate detective and response capabilities that enable brokers to detect cyber-attacks timeously, and respond and recover quickly with minimal impact to business operations or client data.”
“Cyber resilience is about preparedness. It ensures that when an incident occurs, businesses are not left navigating a complex and high-pressure situation without a plan but can respond decisively, contain the damage, minimise disruption to operations, and recover as quickly as possible,” adds Mthembu.
Data Privacy Day places a renewed focus on the protection of personal information, and the reality for advisers and brokers is clear: cyber risk has become an integral part of their everyday professional responsibility.