Factors influencing cyber insurance adoption in South Africa industry
Mbatha, Nkosinathi Sphiwe
Organisations are benefiting from the use of emerging digital technologies for improved efficiencies. These technologies are vulnerable to cyber-attacks resulting in breaches on organisational assets. Cyber-attacks necessitates boards and top management to strategically rethink their cybersecurity approaches to managing cyber risks. The purpose of the study was to explore the factors influencing cyber insurance adoption in the South African industry. The study adapted Technology-Organisation-Environment (TOE) theoretical framework to investigate cyber insurance adoption relevant to the South African context. The review of literature focused on the cybersecurity, cyber risk management, and cyber insurance phenomenon to understand the global and developing world landscape. The research design followed the systemic collection of qualitative data through semi-structured interview questions on the purposefully selected sample of professionals in the public and private sectors of the South African industry. The analysis and interpretation through categorisation of patterns of data collected enabled presentation and discussion of emerging themes resulting in findings. The key findings relate to effective cybersecurity awareness, organisational approach to managing cyber risks, as well as the nature of industry and compliance with legislation. The study established that the combination of effective cybersecurity awareness, the relationship between the strategic organisational approach to cybersecurity and top management support towards cyber risk management as well as compliance with legislation are the factors influencing cyber insurance adoption in the South African industry. In order to meet the research objectives, various conclusions were made. The study concluded that effective cybersecurity awareness must be viewed as a strategic imperative to enable organisations to operate securely. The study also concluded that organisations must proactively approach cybersecurity strategically thereby ensuring effective top management buy-in. The study concluded that the POPI Act is the primary driver of cyber insurance adoption in the South African industry.
A research report submitted in fulfilment of the requirements for the degree of Master of Management in the field of Digital Business to the Faculty of Commerce, Law and Management, University of the Witwatersrand, Johannesburg, 2020