The average cost of a data breach in South Africa rose to R53.1 million in 2024, a 10% increase from 2023, according to research by IBM.
Cyberattacks are also becoming more frequent, and according to a recent article titled Unmasking cyber threats in Africa, local organisations are facing an average of 1450 weekly attacks, translating to a 4% year-on-year increase.
Despite the growing prevalence and cost of these threats, a recent Santam survey reveals that only 26% of commercial entities have cybercrime cover in place.
“This is particularly concerning as South Africa has been identified as a hotspot for crimes such as identity theft, data breaches, malware and phishing scams,” said Thabo Twalo, the chief underwriting ffficer at Santam Broker Solutions.
The issue of cybercrime is especially relevant as organisations around the world observe Data Privacy Week from January 21 to 31, an initiative that aims to create awareness about digital data privacy, the laws governing it, and the data protection practices organisations can adopt to safeguard sensitive information.
Twalo urges South African businesses of all sizes to use this opportunity to reassess their approaches to cyber risks.
“Although attacks on large corporations may make the headlines, it’s the frequent attacks on smaller businesses that is more concerning,” he says, citing the latest SHA Risk Review, which found that one in three small and medium enterprises (SMEs) had been victim of a cyber-attack.
“Despite several recent high-profile cyber-attacks, research suggests that while cybercrime is recognised as a risk, local business owners under-estimate the protection measures required and most don’t have the necessary cover in place,” Twalo said.
The Santam survey shows that large commercial (44%) and large corporate (28%) respondents are leading the way in taking up cyber insurance. However, among SMEs, there is still a strong perception that “it would never happen to them”.
Twalo added that cybercrime invariably involves gaining illegal access to a computer or IT system to extract information or to implant malware, which can disrupt a business in various ways.
“For example, cyber extortion is when malware known as ransomware, is used to extort money from a company, threatening actions such as the destruction, theft or illegal distribution of data.”
SMEs are particularly vulnerable to cybercrime as they often lack adequate protection.
Twalo said businesses need to increase staff awareness around cyber-security, reduce unnecessary information transfers, and avoid complacency in managing data.
The work-from-home trend since the pandemic has compounded risks, he added.
“Security measures could include providing work-issued computers to employees working remotely and ensuring they are used only for work-related tasks and installing anti-malware protection to detect threats. Employees should be required to ensure routers have built-in firewalls and that they change passwords often.”
Twalo stressed that SMEs need to ensure they have appropriate insurance in place to safeguard their businesses from this growing threat.
Business owners should consider policies that provide cover in the following key areas:
– Data breach and restoration: Access to cyber security experts to investigate the damage caused by a breach, ensure compliance with legal requirements such as POPIA, and restore affected data.
– Third-party liability: Cover for claims made against the business by clients or agents whose private information has been compromised due to a breach.
– Business interruption: Compensation for loss of profit while the business is unable to trade following a cyber-attack.
– Cyber extortion and cybercrime: Assistance to help businesses recover quickly from an attack and manage the financial implications of ransomware.
“All businesses have a responsibility to protect not only their interests, but those of their customers and stakeholders. When in doubt, consult a financial adviser to ensure that your insurance policy covers all threats and is prepared to survive cybercrime,” Twalo further said.
BUSINESS REPORT