Irrespective of whether you are an investment manager, financial advisor, wealth manager or another stakeholder in the South African financial services sector, these two words are core to your value proposition and your ability to win and retain clients.
In the past, you may have been able to control much of this through hiring the right people or developing a disciplined internal ethos or culture. Today these can be crushed by a rising new threat which can cripple firms overnight.
Cybersecurity.
Some 65% of South African investment management firms report having no cybersecurity cover according to recent insights by Prescient Fund Services, a global fund administration and platform solutions firm, following a recent due diligence process with a sample size of 62.
Among the 47 smaller firms surveyed, 35 respondents had no cyber specific cover whatsoever, and those that did had average coverage of just R6 million. In stark contrast, two large firms disclosed cyber insurance cover of R700 million and R500 million.
This disparity highlights the exposure gap between small and large firms and suggests a lack of awareness, affordability or urgency among smaller players. Some firms indicated that cyber cover was included in their professional indemnity (PI) policies, but these often fall short in adequately covering cyber-specific incidents such as ransomware or data recovery costs.
While the sample of 62 investment management firms is not representative of the entire industry, it highlights a concerning trend among smaller firms, in particular. Without adequate protection, Financial Services Providers (FSPs) are not just exposing themselves to cyber threats, instead they are, knowingly or not, placing their clients’ financial futures at risk.
This is particularly concerning considering the Financial Services Conduct Authority (FSCA) and the Prudential Authority’s (PA) Joint Standard on Cybersecurity and Cyber Resilience which comes into effect on 1 June 2025. This standard sets out the industry best practice that FSPs will need to adopt to ensure robust cybersecurity infrastructure.
In a world where a single phishing email can shut down operations or leak sensitive client data, this is not just a vulnerability but an often-overlooked risk with potentially devastating consequences.
The International Monetary Fund’s April 2024 Global Financial Stability Report underscores the severity of rising cyber threats, revealing that extreme cyber losses have surged to $2.5 billion globally since 2017, with emerging and developing economies particularly at risk.
Imagine this: An FSP’s email is hacked. A fraudster sends a fake investment instruction to a long-time client, posing as the advisor. Funds are transferred. Days pass before the error is discovered. The client blames the advisor – and takes their business elsewhere. Without cyber insurance, there’s no safety net for either party.
When a FSP is hit by a cyberattack, it’s not just their business that suffers. Clients can also experience direct losses through fraudulent withdrawals, identity theft and intercepts or delays in processing investments.
Without cyber insurance, all costs associated with recovery may fall on the FSP. These expenses could include IT forensics, legal representation, potential fines under the Protection of Personal Information Act (POPIA) and possibly compensating affected clients.
According to the Southern Africa Fraud Prevention Service (SAFPS), fraud incidents are up 32% in the last year and FSPs are increasingly being targeted through sophisticated attacks. These attacks include phishing scams, ransomware attacks, and data breaches, to name a few.
Why cybersecurity cover matters
Cybersecurity insurance is no longer a luxury or a box-ticking exercise; it’s a critical risk management tool. A well-structured policy provides more than just financial coverage; it gives access to expert IT forensic teams, breach containment and response services, legal assistance, regulatory support, client notification protocols and even public relations guidance in the wake of an incident.
For FSPs, this support means faster recovery, reduced financial impact and retained client trust.
In a digital world, trust is currency.
Now is the time to conduct a thorough cyber risk assessment, review the limitations of existing cover, and ensure your business has dedicated cyber insurance in place. The cost of protection is minimal compared to the cost of recovery.
With attacks growing more sophisticated and regulatory scrutiny tightening, the question isn’t whether FSPs need cybersecurity cover, it’s whether you are willing to risk their business and your clients’ financial security on going without it.
Written by Kim Gibb, CEO of Prescient Management Company