As cyber threats continue to evolve, South Africa has found itself grappling with an alarming statistic: the nation now ranks 14th globally in the average cost of a data breach, with 2023 seeing figures reach a staggering $2.78 million (more than R49 million).
This revelation comes from Allianz’s annual cyber risk outlook report, highlighting the severe financial repercussions of data breaches on organisations within the country.
The report lays bare a growing global concern, with the US leading the pack with the highest average cost at $9.36m (more than R165m).
Following the US are the Middle East at $8.75m (R154m), Benelux at $5.90m (R104m), Germany at $5.31m (R94m), and Italy at $4.73m (R83m).
These figures underscore a worrying trend in cyber-related incidents, particularly data breaches, which have emerged as an increasing risk for businesses worldwide.
Michael Daum, global head of cyber claims at Allianz Commercial, attributed the rising trend in data breach losses to shifting attacker tactics.
Daum noted a significant rise in ransomware attacks and the growing interdependence of organisations sharing large volumes of personal records.
“The evolving regulatory and legal environment has resulted in a surge in ‘non-attack’ data privacy-related class action litigation, particularly due to wrongful data collection or processing," Daum explained.
The share of these claims has notably tripled in value over the past two years.
The healthcare, social media, and gaming sectors have found themselves under significant scrutiny, with multiple class action lawsuits filed against companies for using tracking tools like Meta Pixel to monitor consumer behaviour.
Even entertainment streaming platforms have come under fire for allegedly violating privacy protection rights. The MOVEit data breach last year serves as a stark reminder of the legal challenges organisations may face, resulting in over 240 consolidated lawsuits.
Allianz’s report stresses the growing frequency of cyber claims, particularly those exceeding €1 million (R19.3m). In the first half of this year alone, such claims have increased by 14%, while the severity has risen by 17%.
“Data and privacy breach-related elements are present in two thirds of these large losses,” Daum said.
Overall, the total number of cyber claims is projected to stabilise, following a dramatic 30% increase last year, resulting in over 700 claims.
As data breaches proliferate, so does the risk of litigation in Europe. A rising awareness of data protection rights, coupled with a more favourable litigation environment and third-party funding, hints at a shift towards mass data privacy claims in the region. Nevertheless, this trend is yet to mirror the scale observed in the US.
Vanessa Maxwell, global head of cyber and financial lines at Allianz Commercial, asserted the insurance industry’s crucial role in addressing data privacy as part of cyber risk management.
“The value of cyber insurance extends beyond mere claims payment; it aids companies in justifying investments in cyber security,” Maxwell remarked.
Effective cyber hygiene practices—such as robust access controls, database segregation, backups, and regular training—were essential for mitigating data breach risks.
Rishi Baviskar, global head of cyber risk consulting at Allianz Commercial, emphasised the necessity of early detection and response capabilities.
“Around two thirds of breaches are typically reported by a third party or the attackers themselves. Undetected breaches can be exponentially more costly—almost 1 000 times in some cases,” he cautioned.
In the ongoing battle against cyber threats, artificial intelligence (AI) is emerging as an indispensable ally. AI can swiftly detect breaches and isolate affected systems, significantly reducing the cost and duration of data breach claims by automating time-consuming processes such as forensics and notifications—potentially saving organisations millions.