Commercial Cyber

Data and systems are key assets for most companies because without them you cease to exist

From a lost device to a more deliberate cyber-attack, ITOO Cyber Insurance provides your business with access to expert knowledge and resources to effectively manage and recover from a cyber incident.

Why get your Commercial Cyber covered by iTOO?

Designed to cover the resultant costs and damages from a privacy breach or a network security breach, a cyber insurance policy covers what has previously been uninsurable providing comprehensive first and third-party coverages with an expert incident response process.

Far broader than the name cyber would imply, our policy extends to cover numerous incidents including but not limited to:

  • Cyber extortion and malware (viruses, ransomware, or publishing of stolen data).
  • Denial of service (disruption to operations).
  • Downstream attack (a compromise of your environment resulting in damages to others).
  • Insider and privilege misuse (unauthorised access and use of systems and data by employees and service providers).
  • Physical theft and loss (both devices and physical hard copy data).
  • Threats posed by third party access into a client environment.
  • Hacking.

Our comprehensive cyber insurance policy can be tailored to your requirements and provides the following coverages:

1st Party

Regulatory fines

Fines imposed by a government regulatory body due to an information privacy breach.

Business interruption

Loss of income and increased cost of working as a result of a systems security incident.

Data restoration

Costs to restore, re-collect or replace data lost, stolen or corrupted due to a systems security incident.

Outsourced service provider

Cover for exposure to named outsourced service providers including:

  • defence and settlement of liability claims resulting from your data being compromised from an outsourced service provider;
  • business interruption losses resulting from a systems security incident at an outsourced service provider; and
  • costs to change to an alternate outsourced service provider if required.

E-Financial loss

Unrecoverable loss of money, belonging to or for which you are legally responsible, as a direct result of a system security incident by a third party. Cryptocurrency losses are excluded.

Payment card industry fines and penalties

Cover for direct monetary fines, penalties, assessments, chargebacks, reimbursements and fraud recoveries which you become legally obligated to pay in terms of a merchant services agreement as a direct result of a network security breach resulting from non-compliance with PCI-DSS.

Reasonable costs to demonstrate your ability to prevent a future breach as required by your merchant services agreement.

Phone phreaking

Call and/or bandwidth usage costs you are legally obligated to pay as a result of unauthorised use of your telecommunications system by a third party.

Physical damage

Costs to replace or repair direct physical damage of tangible property belonging to or rented, leased or hired by you as a direct result of a system security incident.

3rd Party

Privacy liability

Defence and settlement of liability claims arising from compromised information.

Network security liability

Defence and settlement of liability claims resulting from a system security incident affecting systems and data as well as causing harm to third-party systems and data.

Media liability

Defence and settlement of liability claims resulting from disseminated content (including social media content) including:

  • Defamation;
  • Unintentional copyright infringement; or
  • Unintentional infringement of right to privacy.

Incident response

Incident response costs

Costs to respond to a system’s security incident, including:

  • to obtain professional (legal, public relations and IT forensics) advice, including assistance in managing the incident, co-ordinating response activities, making representation to regulatory bodies and coordination with law enforcement;
  • to perform incident triage and forensic investigations, including IT experts to confirm and determine the cause of the incident, the extent of the damage including the nature and volume of data compromised, how to contain, mitigate and repair the damage, and guidance on measures to prevent reoccurrence;
  • for crisis communications and public relations costs to manage a reputational crisis, including spokesperson training and social media monitoring;
  • for communications to notify affected parties; and
  • for remediation services such as credit and identity theft monitoring to protect affected parties from suffering further damages.

We are different

Our cyber insurance offering includes a defined incident response process including a wide range of experienced specialists with a local presence as well as global experience and expertise, spanning the following key areas:

  • IT response costs to understand, mitigate and recover from the incident
  • Crisis communications and public relations costs, to reduce potential reputational damage and customer churn
  • Notification and remediation services, to prevent affected parties suffering further damages


The Reality of Cyberbullying in South Africa – Trends, Warning Signs and Consequences

The rise of social media and digital communication channels has facilitated the spread of cyberbullying, with platforms such as Facebook...

14 March 2024

Cybercrime in Africa: a huge risk with huge opportunities

Cybercrime costs more per year globally than all natural disasters – in fact, it’s now even more profitable than the...

1 November 2023

3 Scenarios in which a business will be glad they have cyber insurance

Cyber security can seem like an incredibly abstract issue – until a breach takes place and the virtual becomes reality very...

15 October 2023

11 Cyber security statistics that will make you change your password immediately

Cyberattacks on South African companies are on the rise – and they’re becoming increasingly sophisticated. The spike in attacks started...

29 September 2023

How to get cover

All iTOO business has to be done via independent brokers so please ask your broker to contact us if you would like to get a quote for your Cyber Liability cover. If you do not have a broker and would like us to recommend possible FAIS registered brokers trained in our products, please fill in your details on our Find a Broker page. If you are a broker and would like more detail about our cover, please contact one of our product experts, whose details can be found here.

Proposal Checklist

These are all the things you'll need to complete a Commercial Cyber proposal form.

  • Must be completed electronically and in full
  • Technical questions answered by your IT service provider
  • Full disclosure of number of records stored

Forms & Downloads

iTOO Cyber Insurance Overview

For companies with a turnover above R250m or companies which do not meet the iTOO Go qualifying criteria.

iTOO Cyber Insurance Proposal Form

For companies with a turnover above R250m or companies which do not meet the iTOO Go qualifying criteria.

iTOO-GO Product Overview

For qualifying companies with revenue below R250m our iTOO-GO offering with simplified underwriting and pre-underwritten rates.

iTOO-GO InstaQuote

For qualifying companies with a revenue below R250m.

How to claim

Speed, efficiency and experience is critical to reducing the exposure, costs and reputational damage. With iTOO’s Cyber Insurance Policy you are assured of access to highly acclaimed expert resources including experienced cyber mitigation and incident response specialists with a local presence and proven capabilities.

Our emergency incident response hotline is available 24/7 on:

0861 767 778 or

Commercial Cyber Contacts


Why would my company be a target?

Attacks such as ransomware are indiscriminate and can affect any company and every industry. Smaller companies are often a target for hackers particularly if they are found to have less sophisticated IT infrastructure. Smaller companies can be severely impacted following a breach as they are required to absorb the high incident response costs. Compromises at larger companies tend to yield larger data sets for theft and break into the news, which can boost a hackers’ reputation.

Can I protect my business without purchasing cyber insurance cover?

There are many ways to mitigate the risk of cyber threats such as staff education, encryption, bring-your-own-device policies and password policies, however, even the most diligent businesses can be exposed to a cyber-attack.

We use state of the art protection; do we still need cyber insurance?

Having the latest technology, firewalls and encryption will reduce the risks of a breach occurring however, many cyber threats originate internally from employee mistakes (misplacing a laptop, or not disposing of confidential information securely). Having state of the art protection is not a 100% guarantee against an incident occurring.

What if we use a cloud provider to store client data?

You are the custodian of the data and remain responsible for any data lost in a breach. Look to use a cloud service provider that can provide reasonable assurance that your data will be protected, however, there is still a chance your business could be held liable for data compromised from the cloud environment (the same would apply for other outsourced providers you make use of and share data with).

Does any other liability policy provide cyber cover?

A cyber insurance policy provides the most comprehensive cover for system and data related risks. 

  • A Professional Indemnity policy provides limited cover for third party data loss but only as it relates to the provision of professional services.
  • A General Liability policy, as data is deemed intangible provides no cover.
  • A Business Interruption policy requires physical damage to trigger the policy and incidents such as ransomware or hacking a server may reflect no physical damage.
  • A Commercial Crime policy provides cover for first party financial loss only.
  • A Directors & Officers policy will likely be triggered after a cyber breach but will not cover the business interruption, incident response or liability damages suffered by the company.

How do I apply for cover?

A fully completed proposal form would be required in order to provide you with a quote.

  • For qualifying companies with a revenue below R250m see our iTOO-GO proposal form with simplified underwriting. Please note that this offering is not available to the following industries:  financial institution; call centre/telemarketer; payment card aggregator/processor; data processor/outsourcer; healthcare centre/provider (turnover > R25 million); internet service/hosting/cloud storage provider; payroll processor; technology service provider (turnover > R25 million); telecommunications provider.
  • For companies with a turnover above R250m or companies that do not meet the iTOO Go qualifying criteria, please complete the CYlution proposal form.
  • Companies we would not consider are as follows: payment card aggregators, universities, adult media, online gaming or gambling.