Sophos and Phishield launch joint cybersecurity and insurance initiative in South Africa

The agreement links Sophos’ managed detection and response service with cyber insurance from Phishield, aiming to strengthen protection and reduce the financial impact of ransomware incidents.

Pieter Nel, Sales Director – SADC for Sophos in South Africa. (Image: Supplied)

Sophos, a global provider of cybersecurity solutions, and Phishield, a South African company specialising in cyber insurance underwriting, have announced a partnership that combines managed detection and response (MDR) with tailored insurance coverage. The collaboration is the first formal integration of its kind in sub-Saharan Africa.

The initiative follows the release of The State of Ransomware in South Africa 2025 report by Sophos, which highlights sharp increases in ransom demands and recovery costs. The report notes that the median ransom demand has reached R18 million, compared with R2.8 million in 2024. The median ransom payment rose to R8.3 million, while the average recovery cost increased to R24 million.

Under the new arrangement, organisations using Sophos MDR may qualify for preferential terms from Phishield, with coverage of up to R100 million. The model ties insurance conditions to a company’s security posture, linking premium levels and coverage scope directly to the adoption of proactive security measures.

Phishield, which is underwritten by Bryte Insurance Company Limited (a Fairfax company), emphasises that no single control eliminates cyber risk. Human error, weak credentials and unpatched vulnerabilities remain among the most common breach causes. By aligning insurance with MDR adoption, the company seeks to make cyber risk more measurable for both insurers and clients.

The Sophos report also found that 60% of ransomware incidents in South Africa resulted in data encryption, with 39% involving data theft. Among the organisations that experienced encryption, 71% paid the ransom to restore operations. Similar attack patterns are being reported in neighbouring countries including Zimbabwe, Botswana and Namibia.

Both companies stated that the model is intended to reduce the gap between prevention and recovery. Continuous monitoring and incident response through MDR are complemented by financial coverage, giving businesses additional resilience against the operational and economic effects of ransomware.