Cyber insurance and cyber defence: Why one does not work without the other

Sam Stuttard, Account Manager at Duxbury Networking. (Image: Duxbury Networking)

---

Cyber crime in South Africa is escalating at an alarming rate. According to the latest Sophos report on cyber insurance and cyber defences, 90% of organisations that experienced ransomware attacks in 2024 had cyber insurance. That might sound reassuring – until you consider that nearly half (47%) of organisations with cyber insurance had part of their claim denied, highlighting how incomplete cyber defences can impact payouts. 

This statistic points to a critical reality: cyber insurance alone is not a safety net. To qualify for a policy – and, more importantly, to benefit from it when an incident occurs – organisations must have the right security foundations in place. Duxbury Networking, the South African distributor of Sophos solutions, has seen how essential it is to treat cyber insurance and cyber defence as two sides of the same coin.

Cyber insurance has become a hot topic in boardrooms, especially following high-profile breaches and ransomware attacks in recent years. The premise is simple: a cyber insurance policy helps cover the costs associated with recovering from a breach, including legal fees, forensic investigation, customer notification and even ransom payments in certain cases.

But the reality is far more complex. In Sophos’s 2024 global research, 97% of organisations that purchased a cyber insurance policy said they invested in improving their defences to optimise their insurance position. Almost two-thirds (64%) invested in their cyber defences. These include multifactor authentication (MFA), regular patch management, endpoint protection and active monitoring – all of which must be provable and operational at the time of claim.

That means a policy is not just a checkbox; it is the outcome of a comprehensive cyber defence strategy.

Today’s insurers are highly selective when it comes to underwriting cyber risk. They assess the strength of an organisation’s defences before setting premiums or providing coverage. Sophos data shows that organisations with strong cyber security postures are far more likely to receive full coverage and faster payouts. In contrast, businesses with outdated systems, poor visibility or fragmented security tools face exclusions, higher deductibles or outright denial.

This is especially relevant for South African SMEs that may assume cyber insurance will “cover the gaps” in their defences. In practice, insurers are now demanding evidence of continuous monitoring, threat detection and response capabilities, and clearly defined incident response plans.

One of the reasons Duxbury Networking has partnered with Sophos is that its solutions are designed with cyber insurance requirements in mind. Through the Sophos Central platform, organisations gain unified visibility into their network, endpoints, cloud workloads and more – all backed by AI-powered threat detection and response.

Sophos Managed Detection and Response (MDR) has become a crucial enabler for many South African businesses. Not only does it provide 24/7 monitoring and rapid response to active threats, but it also creates audit-ready logs and proof of compliance – something insurers increasingly require during investigations.

Sophos also offers guided incident response services to help organisations navigate the post-attack chaos. This includes real-time support, forensic analysis, root cause identification and recommendations to close gaps – exactly what underwriters are looking for when assessing risk and validating claims.

While insurance is a smart investment, it should never become a reason to deprioritise proactive defence. A policy does not stop an attack – it simply helps cover the costs after the fact. Sophos found that organisations with both cyber insurance and MDR experienced a lower impact from ransomware attacks, including shorter recovery times and lower total cost of damage.

In other words, the combination of strong defences and financial protection leads to the best outcomes.

The South African threat landscape is becoming more complex, especially with increasing regulatory pressure around POPIA compliance, rising ransomware incidents and the cyber skill shortage impacting local businesses. For this reason, Duxbury Networking believes organisations must take a strategic view of cyber risk.

Ask yourself: is your current security posture strong enough to pass an insurer’s scrutiny? Do you have visibility across your endpoints, networks and users? Are your staff trained to detect phishing or social engineering attacks?

If the answer is no – or even “I’m not sure” – then now is the time to reassess your approach. Cyber insurance may play a role in your recovery plan, but it must sit atop a foundation of layered, intelligent and actively managed defences.

Duxbury Networking works closely with its partners to help them achieve that balance. With Sophos as Duxbury Networking's technology partner, the company is proud to offer not just world-class tools, but the guidance and support businesses need to strengthen their resilience.

Because in cyber security, coverage starts long before the policy.

For more information, contact Duxbury Networking at (+27) 011 351 9800, info@duxnet.co.za, www.duxbury.co.za.