When the COVID-19 pandemic streaked around the world, one of the last things on any of our minds was its potential impact on cybersecurity. And yet, as organisations across the globe made the abrupt move to remote working, sourcing additional laptops and other tech for employees’ homes, cybercrime risks increased significantly.
Now no longer under the stringent protection of centralised servers, firewalls and other precautionary systems, people working from home have become easier, more vulnerable targets. In the two years since 27 March 2020, South Africa’s first hard lockdown, cybercriminals have taken advantage of these opportunities.
Cybercrime is on the rise in South Africa
A study conducted in December 2020 by the Center for Strategic and International Studies shows that malicious cyber activity costs the world $945 billion each year. This figure is on the rise, according to a recent CNBC interview with Cybersecurity Ventures, which estimate that global cybercrime costs are expected to increase to $10 trillion by 2025.
We may be tempted to believe that South Africa remains far removed from cybercrime, with all these figures being recorded in US dollars. However, according to the Global Economic Crime and Fraud Survey conducted by PwC in 2018, South Africa is the second-most targeted country in the world when it comes to cyberattacks.
IBM’s Cost of Data Breach Report 2021 supports this, shedding light on the growing cybercrime risks in South Africa:
- The average cost of data breaches in South Africa is R48.1M.
- Cybercrime is the 4th most commonly reported crime in South Africa.
- Our phishing rates are the highest in the world, with 1 out of every 785 emails being a phishing scam.
- The average total cost of a single breach is $1M, or approximately R15M, higher where remote working is a causing factor in the breach.
- The average number of days to identify and contain a cyber breach in South Africa is 287 days – more than 9 months!
- The most common cause of malicious cyber activities globally is stolen or compromised credentials and cloud misconfigurations.
The risks to business and how to address vulnerabilities to cybercrime
Because the pandemic has forced so many businesses into remote working, operating virtually on a day-to-day basis is the inescapable norm for many organisations. And many businesses have adapted so well that this is now a permanent shift.
What surprises many – especially smaller organisations – is that cybercriminals are now targeting small- and medium-sized businesses. This is due to the fact that larger corporations have allocated larger budgets to cybersecurity measures, while smaller companies have limited resources and remain vulnerable.
Even more concerning, according to Focus Data Solutions, is the fact that once a smaller business has been infiltrated by a cybercriminal, the culprits often find a weak entry point into larger organisations that conduct regular business with the smaller company. This means that no matter how thorough a corporation’s cybersecurity and breach prevention measures may be, they may still be vulnerable through partnerships with other, more vulnerable businesses.
The immediate consequences of a cyberattack are:
- Interruption to business services
- Months of system recovery
- Damage to reputation
- Loss of company assets
- Litigation, where partnering businesses suffer loss
- Loss of business
- Financial loss
Cybersecurity should never be an afterthought – in a world where cyber risks advance alongside the progression of technology, cybersecurity is best considered central to business, as important as any other company policy or activity.
We believe that entire workforces should be actively involved in enforcing cybersecurity measures, and not just IT divisions:
- Managers, directors and board members should be more involved in ensuring that best practices are implemented and reviewed regularly as the technological landscape continues to change.
- Organisations should offer employee training on data security and cyber threats
- All staff should abide by a clean desk policy, which includes storing confidential documents in a safe place, whether in the office or at home.
- Employee, client, customer and supplier data must be stored and protected to comply with POPIA.
We urge business owners to take extensive precautions against cybercrime, some of which we explored even prior to the pandemic. While these preventative measures can help protect you and your business, as well as your partners and supply chain, your contingency plan should include investing in cybercrime insurance – which will be there for you, if all else fails.
For more information about cybercrime insurance, please contact an Indwe advisor on 0860 13 13 14 or email@example.com.
Indwe is an authorised Financial Services Provider. FSP: 3425