Thokozile Mahlangu, Chief Executive Officer at the Insurance Institute of South Africa
Liability insurance is a rapidly growing segment within the South African insurance space, driven by major market shifts and a raft of emerging threats that are affecting businesses and professionals across a variety of industry sectors.
Insurers are increasingly having to contend with rising liabilities that are leaving businesses and professionals more exposed than ever, including in areas such as basic business liability, directors and officers (D&O) liability and broad form liability.
All of this is coupled with a strong consumer environment that is being shaped by ever-evolving consumer behaviour, trends and demands, as well as a significantly changing regulatory environment.
One of the largest emerging liability risks remains that of cyberattacks, with data suggesting that cyber threats exploded during the COVID-19 pandemic, with a tenfold increase in attacks on digital networks in South Africa since government first declared a national state of disaster in March 2020.
This year alone, South Africa witnessed several high-profile cyberattacks, the most prominent being the recent ransomware attack on Transnet’s port operating systems, affecting the container-handling facilities at Durban’s port were affected, significantly increasing logistical congestion.
Because South African laws do not compel companies to publicly report cyberattacks, security experts warn that the known and publicised incidents are likely just the tip of the iceberg. In reality, the frequency and sophistication of cyber threats against South African companies are far more serious than we imagine.
Not just financial loss
Most cyber security threats are motivated by financial gain, yet their impact and the insurance risk they pose go beyond just the financial losses incurred in the form of paying a ransom or the costs of backup, recovery and downtime suffered by an organisation.
Cyberattacks can also have severe implications in terms of data breaches. Thus, the impact of cyberattacks must be viewed against the backdrop of changing regulatory frameworks and legislation that govern the handling and storage of customer data.
A prime example of this is South Africa’s recently-introduced Protection of Personal Information (POPI) Act and the Cybercrimes Act. This Acts mean that regulatory penalties and consequences for not protecting critical data have grown significantly, meaning that data breaches are now additional liability risks that insurance companies must take into consideration.
Prominent law firm Michalsons notes that companies must take proactive steps to comply with cyber laws as a means to mitigate risks (including privacy-related legal risks). However, insurance can also be an effective way of managing some of the risks.
Thus, related – but not limited to – data breaches and the handling of personal information is Directors and Officers (D&O) liability insurance, which protects the personal assets of corporate directors and officers in the event they are personally sued by employees, vendors, competitors, investors, customers, or other parties, for actual or alleged wrongful acts in managing a company.
Mitigating detrimental effects
D&O liability insurance covers some of the most important facets that have the power to cause detrimental effects on both an individual and a company, as it provides coverage for personal liability – claims made against directors and officers for “wrongful acts” where indemnity from the insured company is not available.
Some industry commentators have thus suggested that insurers must price risk differently to allow for the increased frequency and size of their D&O-related losses, which were not previously contemplated in their rating models. This is one reason why there has been a hike in pricing, as well as restrictions in cover and even markets withdrawing from certain industry sectors as appetites wane.
Additionally, insurers are facing a range of other liability risks, including riots and looting, product recall and climate change. Many of these have been exacerbated and accelerated by the ongoing COVID-19 pandemic and the resultant “new normal” under which we now operate.
While liability insurance is becoming a large focus area – and indeed a challenge – for many insurance companies, a variety of products and risk mitigation models are available to address these issues.
The future of insurance depends on insurers’ ability to explore new models of doing business to ensure relevance, while models that capitalise on the benefits of technology to meet a changing set of consumer demands can give insurers a competitive edge.
Proactively rethinking their business will position insurance companies to successfully mitigate the growing risks presented by commercial and professional liability