InsureTalk Live 2025: bringing people together in the name of insurance

InsureTalk Live 2025 took place on 13 November at The Venue in Melrose Arch, Johannesburg. The hybrid event drew just over 3 000 insurance professionals, some online and some live at the venue.

Carly Esterhiuzen of EasyEquities skilfully emceed the seminar, which also was broadcast live via Zoom.

Head of legal at the Financial Intermediaries Association, Sam Williams, opened by reassuring the room that the FSCA’s new omni-risk return is “far less demanding than anything that came before.” What used to be quarterly is now annual and the structure is more streamlined. The consultation window runs until the end of November and firms are not expected to complete the return now. Instead, this phase is about giving the FSCA practical input on what is realistic, achievable and appropriate.

She explained why the return matters.

“The regulator wants a clearer view of conduct risks, governance, resilience and financial stability across the sector,” she said. “Accurate information helps them spot problems early, compare firms properly and respond proportionately.”

Sam then walked through the 12 sections, highlighting what the FSCA wants and the red flags that might catch its attention.

“These touch on ownership, geographical footprint, governance quality, remuneration, AML exposure, handling of customer assets, distribution channels, cancellations, advertising, complaints, IT resilience, outsourcing and financial sustainability,” she said.

As she put it, “claims patterns tell a story” – and so do customer exits, complaint trends and data breaches.

The grey list

She said South Africa remains vulnerable to money laundering scrutiny even after exiting the grey list. The return’s focus on customer segmentation, PEP exposure and geographic concentration reflects that risk. She urged intermediaries to look carefully at their own data.

“High unclaimed assets, high vacancy rates or an over reliance on outsourced providers are all signals the regulator will probe,” she said.

On IT governance she emphasised that “any customer data breach is serious” and repeated incidents will be viewed as weak controls. She also mentioned that the FIA has developed a tool, Membershield, to help members capture the necessary information.

Sam ended with a reality check: if a business is not already tracking governance, complaints, customer segments or asset flows, then completing the return is the least of its worries. She urged everyone to submit comments through the FIA by 14 November or directly to the FSCA by 30 November and reminded guests that the Microsoft Forms template must be completed in one sitting.

Sam closed by reminding members that the return “isn’t punishment, it’s transparency”, and encouraged firms to clean their data, document their processes and be honest about gaps.

Next up were Nonnie Mhlungu and Michael Wanjelani from Xponential Growth. The pair

framed their talk as a shift from technical jargon to the human side of cyber risk.

“Every breach, scam or compliance failure begins and ends with human behaviour, not with criminals in hoodies,” they said.

To make the point, they opened with a poll asking which emotional trigger hits teams the hardest: curiosity, fear, ego or urgency. The results showed curiosity narrowly ahead, which Michael summed up with “curiosity really did kill the cat”. They used this as a springboard to explain how psychology shapes cyber vulnerability.

South Africa is among the top 10 countries targeted by cybercrime globally. Digital banking fraud is a major contributor, yet the increased visibility of these risks is driving positive action.

Michael highlighted Microsoft’s commitment to train one million South Africans in cybersecurity by 2026, while 66% of local organisations now prioritise mitigating cyber risk. Nonnie linked this to growth in the insurance sector, observing that stronger digital capability also creates an opportunity to design “more human-centred compliance” from the start.

Nonnie and Michael shared real stories, including a phishing test where an “Urgent Bonus Payment” email saw 42% of staff click within eight minutes, and a WhatsApp scam Nonnie intercepted by verifying the request with a phone call.

Culture

Throughout their talk they argued that good compliance is really about culture.

“Compliance is often seen as restrictive,” she said. “I mean, is it really necessary to print an FSP number on branded golf balls?”

She said the best organisations treat compliance as “a form of care”. Michael reinforced this, saying that people, not systems, enforce consistency.

“Leaders who model integrity set the tone, shifting behaviour from ‘I must’ to ‘I need to’, especially when it comes to safeguarding client information. Trust is the thread running through cybersecurity, compliance and reputation.”

They closed with four practical steps: awareness, accountability, action and advocacy.

“Awareness comes from real and relatable learning, because your learning curve is your earning curve. Accountability requires leaders to model the behaviours they expect. Action means empowering people to report issues without fear. Advocacy encourages firms to celebrate those who protect the organisation.”

Embedding these habits builds resilience, they said, something the industry has demonstrated through riots, floods and cyber attacks alike. As Michael put it, “cybersecurity starts with people; compliance will live or die in the culture that teams create.”

Pieter Nel of Sophos SA opened his talk by acknowledging how closely the earlier discussions on governance, compliance and people align with cybersecurity.

With 16 years at a global cybersecurity vendor, his work centres on awareness, education and helping clients reduce risk. In his talk, he shared the year’s top trends from an independent Canalis report, noting that compliance is “the number one discussion in boardrooms in South Africa.”

The shift, he said, is no longer from reactive to proactive, but towards predictive capability, which he admitted is “extremely tough to do.”

“You will be attacked,” he warned. “South Africa remains in the top 10 most targeted countries for cybercrime. Strong connectivity and infrastructure make it attractive, while weaknesses in governance and compliance create openings.”

Vulnerabilities

Pieter broke down how attacks usually begin, with vulnerabilities left unpatched while criminals treat update notes as “a shopping list.”

“Patch delays of around 120 days give attackers four months of opportunity. Human behaviour is central: phishing, malicious emails and compromised credentials all come down to what people click.”

He illustrated how deeply attackers can embed themselves.

“The recent breach at City Power involved criminals sitting unnoticed in the environment for 18 months, even becoming part of the organisation’s backups.”

Once an attack triggers, businesses face ransom notes tied to fear and urgency.

“Around 49% of South African victims pay, which fuels the dark web and often only recovers a portion of their data,” he said. “South Africans negotiate well, but the attackers still treat the process as a business, increasing costs when deadlines slip.”

The real damage, though, lies in reputational fallout.

“Liberty’s breach led to billions in losses within hours as customers withdrew funds.”

Pieter showed that while the incident rate is improving, the financial impact remains severe.

“Beyond ransom payments, firms face legal costs, operational downtime and the challenge of rebuilding trust,” he said.

His final advice was practical and layered.

“Start with prevention by hardening all seven layers of defence around the business. Select the right protection technologies, because if you select the wrong technology, you’re in trouble. Ensure strong detection and response capability with 24/7 monitoring. And above all, plan and prepare.

“You will be attacked. It’s up to you how to isolate and remediate that attack as soon as possible.”

Juan-Pierre “JP” Holmes followed Pieter at the podium. He framed his session within the volatility of a “VUCA world” where threats evolve daily and admitted that anything he said today could shift tomorrow.

Building on previous speakers, he positioned his topic at the intersection of human behaviour, compliance and cyber risk, reminding the audience that South Africa has just been ranked seventh globally for organised crime. He highlighted three drivers behind this: cybercrime, weak governance and the lack of active prosecution.

Polycrisis, global weirdness

To make sense of the broader context, he drew on terms like “polycrisis” and the newly coined “global weirdness”, both describing a world where economic strain, governance failures, human hardship and extreme weather converge.

“These conditions shape local realities such as infrastructure theft, rising crime and the collapse of inner cities,” he said. “Parts of Johannesburg’s CBD were left to deteriorate until a university partnered with industry to revitalise an entire block by converting an old Anglo building into a security-focused campus. The result was remarkable: There are lights back, people walk around there, proving that meeting real needs with relevant skills can transform communities.”

Turning to insurance, he challenged the room to reflect on what it feels like to submit a crime-related claim, noting that people often end up feeling like the claim victim.

“Insurers have an opportunity to redesign this experience, starting with better social skills in claims teams and more empathetic processes. Risk mitigation should be more collaborative – selling doesn’t help, helping sells!”

He encouraged insurers to explore technology creatively, from AI-enabled safety tools to emergency features built into everyday devices and questioned why thousands of security companies in Gauteng operate in silos rather than collaborating. Insurers, he suggested, could help incentivise shared intelligence and coordinated response.

JP ended by looking ahead.

“Safety and security pressures will intensify, making governance and culture even more important,” he said, urging the industry to approach products and service design “from a human perspective, emphasising education, community upliftment and the responsible use of AI.”

He argued that clients should be able to choose what they want to cover, rather than being “at the mercy of the insurer”, and encouraged teams to talk openly about recent burglaries, accidents or losses to reconnect with the human side of risk.

Panel discussion

Next up was a panel discussion with Michael, Pieter, JP and Nonnie.

Michael moved straight into a key audience question: how AI will affect insurance risk from 2026 onward. Pieter responded first, warning that attackers are already using AI to enhance their own tools.

“They now use AI-driven techniques to crack systems at scale, forcing us cybersecurity vendors to stay on top of our game just to keep pace,” said, stressing that “if AI is implemented incorrectly, it will add risk rather than reduce it.”

Nonnie then turned to the importance of compliance frameworks in managing cyber risk, leading JP to explain why AI regulation matters for insurance.

“AI is just another code”, he said. “Regulators must ensure it accesses only what it is allowed to and that it can ‘forget’ information when required.”

Pieter added that the complexity lies in distinguishing between clean and dark data when AI systems move information into the cloud.

“AI can analyse data at immense speed, which helps with defence, but also increases the challenge of controlling what it consumes and how it is used,” he said. “Sophos processes 240 terabytes a day, using AI to filter noise, identify risk and prioritise action.”

Michael shared more questions from the Q&A box, including how AI and automation may shift cybercrime over the next five years. Pieter described the rise of “zero-day” threats and said there are already 400,000 new malware samples created daily.

“AI will accelerate this, increasing the need for human awareness,” he said. “We have to make sure it’s hard wired in our DNA.”

When an attendee asked about cost-effective measures for smaller firms, Pieter advised focusing on encrypted devices, proper endpoint protection and continuous awareness training.

JP reinforced that technology cannot replace people, sharing a story about a video that demonstrated that “technology doesn’t substitute people”, especially when staff behaviour often determines exposure.

The panel ended with questions about the adequacy of current laws, risks for SMEs and how public networks contribute to fraud.

Pieter said no regulation will ever keep up completely, which is why firms need incident response plans and must “practise like you’re having a live attack”. For SMEs, he explained how attackers scan databases for low-hanging fruit, learn how much is in a company’s bank account and tailor ransom demands accordingly.

Longevity over sales

JP encouraged smaller businesses to prioritise longevity rather than just sales.

The session closed with a stark example from Pieter about a Gauteng mall where cybercriminals planted fake Wi-Fi hotspots, capturing banking logins and causing over R120m in losses. Banks took no responsibility because customers had chosen to connect.

Michael wrapped up the conversation by thanking the speakers for tackling some tough questions and bringing the discussion to a close.

FAnews founder and editor, Rianet Whitehead, used her regular InsureTalk slot to have a chat with Khaya Mashologo, winner of The Insurance Apprentice 2025. (Rianet is also the creator and head honcho of The Insurance Apprentice.)

Rianet’s message was clear: “The competition didn’t come down to who could recite the most regulations but to how you apply what you know under pressure and how you show up when it matters.”

She praised Khaya for demonstrating emotional intelligence, resilience and the ability to lift others, adding that “the industry runs on humanity as much as technical skill.”

Their conversation began lightly, with Rianet teasing him about the 135 “ums” he used in his winner’s podcast. She then asked how he handled critics who questioned his win.

“The experience taught me immediate accountability and deepened my self-awareness, especially in an industry where past leadership wasn’t a proponent of real change. My wish is to use the platform to engage the public, to explain that insurance is about standing for clients.:

When asked how he found his lane among more technical contestants, he answered with one word: “authenticity”. He refused to perform for cameras and instead brought who he really was to the competition.

Khaya described how the show helped him find his voice.

“Growing up in the Eastern Free State, I often felt overshadowed, especially when competing with people from bigger centres,” he said. “Watching the episodes back, I realised I can hold my own in a room.

“The breaking point came during the Sasria task, when being at the bottom of the food chain forced me to stand up. That moment changed how I contribute at work and in life.”

He also spoke about telling his younger self to wake up, stop being a deer in the headlights and recognise that he had something to offer.

Mentor and connect

Khaya has been using the Insurance Apprentice platform to mentor and connect with others across Old Mutual Insure, from graduates to senior managers. His lessons to young professionals revolve around self-realisation, willingness and the idea that regardless of your background, there is space in the industry for those who show up and learn.

“I would like to help regions beyond Gauteng gain visibility,” he said. “Talent in the regions shouldn’t be ignored.”

As the session closed, Rianet echoed her TIA mantra — innovate, educate, empower — and said Khaya’s win was a reminder that the industry needs presence as much as perfection.

“Thank you for carrying the TIA flag high,” she said, to thunderous applause.

Wimpe van der Merwe, CEO of Global Choices, was our final speaker for the day. He began by sharing how Global Choices was shaped by what he calls “the architecture of empathy”. He explained that after the death of his first wife in a hijacking almost three decades ago, he suddenly found himself running a travel business he knew nothing about. So he fell back on his original discipline as an architect, where you define your constraints to finally create a solution.

“Market research showed that travel agencies were about to lose their commission income, which pushed me to design a subscription model built on experience, service and accessibility,” he said. “That same design-thinking mindset guided Global Choices as it moved into the insurance world and built its emergency assistance operations around empathy as a practical framework.”

Wimpie then unpacked the E.M.P.A.T.H.Y. acronym. He spoke about Engagement – how you immerse yourself in someone else’s experience, especially during a crisis when a 24-hour call centre becomes the first voice a shaken customer hears. Mindfulness follows, which he described as being fully present and understanding not just the incident but everything surrounding it. Patience is the next step, a virtue he admitted he is “not always good at”, yet one that builds trust when clients are frightened, angry or confused.

A stands for Acknowledgement, the reminder that clients are not policy numbers but people whose experiences need to be validated, especially in moments of loss or shock. T is Trust, the foundation of every lasting relationship in insurance, built through consistency, reliability and ethical conduct. Humanity ties everything together in their culture, with Global Choices seeing itself as “the placeholder for that person’s emergency” until the situation is stabilised.

In Wimpie’s empathy acronym, the Y stands for “Why”. He uses it to explain that when you design with empathy – through engagement, mindfulness, patience, acknowledgement and trust – the why becomes clear: It inspires innovation, shapes better experiences and drives solutions that truly matter to people.

He closed with the sunbird story – a parable about a tiny bird carrying drops of water to a burning forest while larger animals looked on.

“The message of the story is that meaningful change often starts with small, steady efforts, even when they seem insignificant. In business, this means identifying your ‘fire’, naming it, and then taking the first step rather than waiting to fix everything at once.

He encouraged the audience to focus on what they can do today, because “a small drop of water can lead to miracles.”

He ended by joking that he didn’t invent empathy, but simply chose to build a business around it.

Llewellyn du Plessis, head of CN&CO Events, closed the session by thanking sponsors and referring delegates to www.insuretalk.co.za to download their CPD certificates.

“Please check your spam folders and use the same email address to log in that you use for the InsureTalk sessions,” he advised.

And that brings our InsureTalk series to a close for 2025. The next webinar takes place on 19 February 2026. To book your spot, click here.

If you would like more information on sponsorship, capture the following QR code: