Report: SA businesses vulnerable to cyber crime
Cyber attacks were the ninth biggest risk to South Africa, after concerns such as corruption, governance failure, unemployment and infrastructure.
South African businesses were no strangers to cyber attacks, however, there were concerns on Monday at the the State Security Cybersecurity Conference in Pretoria that many businesses were not well prepared for an increase in cyber attacks.
New research from Grant Thorton’s International Business Report released during the conference showed how “one out of 10 South African private sector businesses had experienced a cyber attack in the past year”.
Michiel Jonker, Director: Advisory Services at Grant Thornton said many businesses in the country were experiencing cyber security issues, and were not aware they were being attacked, with many “trying to deal with it silently without reporting it”.
The report consisted of a global survey of 2,500 business leaders in 35 economies. It found that as breaches in cyber security “become more prevalent, many businesses are putting themselves in the firing line with no comprehensive strategy to prevent or detect and contain digital crime”.
Furthermore, the report highlighted the importance of having a strategy in place as 45% of South African businesses admitted that they did not have a detailed cyber security strategy in place to address potential cyber attacks. Around 52% of global businesses said they had strategies in place.
This was a concern as the report pointed to the need for businesses in the country to ensure they had adequate measures in place to protect their data. While businesses currently did not have to report cyber security incidents, they would soon have to comply with regulations in the new Protection of Personal Information (POPI) Act, once a POPI Regulator was appointed and fully functioning.
It is believed that this regulator could be up and running towards the end of 2016 or in the early months of 2017.
Jonker said he believed that by 2022, the country would have enough data on cyber security incidents that could be used for quantitative forecasting purposes.
Vigilance alone won’t keep businesses safe,” said Jonker. He said it was necessary for businesses and their management teams to drive robust, resilient cyber security strategies within their businesses, ensuring they were equipped to deal with threats in the event of an attack.