{"id":16552,"date":"2026-01-28T13:59:31","date_gmt":"2026-01-28T13:59:31","guid":{"rendered":"https:\/\/microvibenews.com\/?p=16552"},"modified":"2026-01-28T13:59:31","modified_gmt":"2026-01-28T13:59:31","slug":"why-cyber-insurance-claims-are-increasingly-being-rejected","status":"publish","type":"post","link":"https:\/\/microvibenews.com\/?p=16552","title":{"rendered":"Why cyber insurance claims are increasingly being rejected"},"content":{"rendered":"<p><\/p>\n<div id=\"textFreeArticle\">\n<p><strong>JEREMY MAGGS:<\/strong> Now this is worrying. Nearly half of cyber insurance claims are now being rejected or partially denied, as insurers take a harder line on cybersecurity standards and governance.<\/p>\n<p>A new global study shows many businesses are losing out because what they declared in their policies doesn\u2019t actually match what is happening in the workplace when an attack occurs.<\/p>\n<p>I want to explore this in a little more detail. I\u2019m in conversation with Muhammad Ali, managing director of cybersecurity and ISO specialist at World Wide Industrial &amp; Systems Engineers (WWISE).<\/p>\n<p>Muhammad, a very warm welcome. I want to start with this headline figure, 47% of claims rejected. Is this about insurers dodging payouts or companies overselling their cyber readiness?<\/p>\n<p><strong>MUHAMMAD ALI: <\/strong>Yeah, I think it\u2019s a very valid question. I think it\u2019s a combination of both factors.<\/p>\n<p>Firstly, I think a lot of corporate organisations feel that they have everything in order. 
The IT team give them a report, and the top management or the board are all comfortable in terms of what\u2019s going on.<\/p>\n<p>Very little investment is taken into cybersecurity and protecting their privacy and information, personal information as well as their data.<\/p>\n<blockquote>\n<p>Sometimes I feel like people consider cybersecurity as a cost, as opposed to an investment. In today\u2019s time, it\u2019s about when am I getting attacked, as opposed to if.<\/p>\n<\/blockquote>\n<p>You need to know that you are going to go through an attack. Now, there are multiple factors where organisations have misinterpretation of their security controls.<\/p>\n<p>Maybe they have policies that are well written, but it does not talk to what\u2019s actually on the ground. Or perhaps they have very incorrect policies or outdated policies that are in place.<\/p>\n<p>Now, when a cyber insurance company comes in and let\u2019s look at it from their point of view, and you\u2019re perhaps paying a premium. They\u2019ve done an assessment and analysis. They actually look at all of these things. They look at your misrepresented controls, weak governance, outdated practices.<\/p>\n<p>The assumption is that I\u2019m going to get a payout because I\u2019ve got a cybersecurity insurance that\u2019s going on. That\u2019s not the case, due to noncompliance businesses are exposing themselves without investing and following the actual protocols within their policies. So it\u2019s a factor of both.<\/p>\n<p><strong>JEREMY MAGGS: <\/strong>What you\u2019re suggesting to me is that buying cyber insurance these days is not a cyber strategy.<\/p>\n<p><strong>MUHAMMAD ALI: <\/strong>Not at all. 
I think cybersecurity is in the top ten risks in most corporate blue-chip companies; and thinking that cyber insurance is going to protect them and their assets, it\u2019s a misconception.<\/p>\n<p>Cybersecurity insurance companies will assist you through a cyber attack, through a ransomware attack, but it does not guarantee that they will provide a payout, and that\u2019s the misconception.<\/p>\n<p>That is totally due to the fact that the organisation themselves have not read the terms and conditions and been able to fulfil their side of the things, which is actually good governance when it comes to cybersecurity.<\/p>\n<p>They are negligent and they are unfortunately not following the basic parameters of what cybersecurity is all about.<\/p>\n<p><strong>JEREMY MAGGS: <\/strong>Let me throw another big number at you. Ransom demands in South Africa have jumped to around R17 million. At that level, is cyber insurance still affordable or, Muhammad, even viable at this point?<\/p>\n<p><strong>MUHAMMAD ALI: <\/strong>Yeah, it would depend. I think there are multiple factors. If you look at denial of service, I think that is perhaps one of the key factors. If a cyber attack occurs with ransomware coming in, they can deny you from operating. So your production or operations may stop.<\/p>\n<blockquote>\n<p>Now, depending on the number of days you are basically stationary, this can result in millions and millions of dollars, aside from the reputational damage.<\/p>\n<\/blockquote>\n<p>If you are listed to a stock market, then you have to \u2013 whether you are attacked or non-attacked \u2013 you have to inform the regulator of the attack, because that\u2019s law. This can have significant reputational damage. 
I think you need to weigh up the investment and the return thereof.<\/p>\n<p>If you are paying a significant amount on cyber insurance and you need to look at the attack or the downtime that it can have, the impact it can have to your processes, your systems, your applications, your users, the data in itself, whether there\u2019s sensitive information and the regulator getting involved.<\/p>\n<p>It\u2019s a catch-22, so I think it\u2019s a good assessment to make to be able to determine whether the premiums you\u2019re paying are actually worthwhile. But there are ways of reducing these premiums.<\/p>\n<p><strong>JEREMY MAGGS: <\/strong>Another trend is a move away from the annual audit to continuous assurance. I understand what you\u2019re saying, but I would also ask whether most South African firms are technically capable of that shift.<\/p>\n<p><strong>MUHAMMAD ALI: <\/strong>Right now, as it stands, we do have a lack of skills, and we do have a lack of practical skills, I think that\u2019s the key word.<\/p>\n<p>A lot of people grow within the ranks quite quickly and they get into a leadership role, a management role, and there\u2019s nothing wrong with that, but the technical ability of being able to read firewall rules, to be able to understand the network security parameters and be able to understand the default settings, are not your golden or silver bullet.<\/p>\n<p>You need to be able to be technically inclined to understand what types of threats there are, what types of vulnerabilities there are, and not only just keeping the basics of awareness throughout the users up to date, but it\u2019s about keeping your systems and applications up to date.<\/p>\n<p>I think there is a gap in South Africa when it comes to that understanding.<\/p>\n<p>This is why we are where we are in South Africa when we are sitting ducks, if you want to call it that, because ransomware attackers or cybersecurity attackers, you will see around the world, look at South Africa from the healthcare perspective, from a banking perspective, or just from an industry perspective.<\/p>\n<p>They see that we\u2019re negligent or we do not have the necessary skills, so we become a threat or an easy target. I think we still need to educate ourselves and get the right skills and stop fooling ourselves by misinterpreting that we do know what\u2019s going on.<\/p>\n<p><strong>JEREMY MAGGS: <\/strong>All right. Just a quick answer, as we come to the end of this conversation. If a chief executive officer or chief information officer is listening to this conversation and wants to avoid becoming part of that 40% that I mentioned at the beginning, what\u2019s the one control then they need to get right immediately?<\/p>\n<p><strong>MUHAMMAD ALI: <\/strong>I think it\u2019s very important to align yourself to an internationally best practice standard. 
That\u2019s the first thing.<\/p>\n<p>Now, with your insurance firm, they don\u2019t declare this out to you, but whether it\u2019s ISO 27001 or a NIST (National Institute of Standards and Technology) framework, if you align yourselves to that particular standard by effectively implementing the controls \u2013 and I recommend ISO 27 because you can get an independent, impartial, accredited certification that is recognised around the world \u2013 it helps you reduce your cyber insurance premiums drastically, sometimes up to 50%.<\/p>\n<p>More so that standard with your annual external audits and your rigorous internal audit controls, you will see that the awareness of users is going to improve because you are communicating the content of policies, and the actual policies that are embedded on your applications for security parameters are more understood.<\/p>\n<p>Not only are you improving the posture of the organisation, but enhancing the individual in the organisation for their practicality in the real world so they don\u2019t become a victim of credit card fraud or a cyber attack. I would suggest that would be your go-to standard as a CEO or an executive.<\/p>\n<p><strong>JEREMY MAGGS: <\/strong>Thank you very much indeed, Muhammad Ali, managing director of cybersecurity and ISO specialist at WWISE, enjoy talking to you. 
Appreciate your time.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>You can also listen to this po&hellip; <\/p>\n","protected":false},"author":1,"featured_media":16553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[6153,768,10050,603,9561],"_links":{"self":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/16552"}],"collection":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16552"}],"version-history":[{"count":0,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/16552\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/media\/16553"}],"wp:attachment":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp
%2Fv2%2Fmedia&parent=16552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}