In the ever-evolving landscape of cybercrimes, South African companies find themselves in a precarious situation, often awakening to the harsh realities of digital vulnerabilities only after falling victim to cyberattacks. This trend underscores the pressing need for proactive cybersecurity measures to shield both public and private enterprises in the country.

The surge in cyber crimes has emerged as a daunting challenge for South Africa, with businesses and government institutions finding themselves squarely in the crosshairs of malicious actors. A striking example of this vulnerability unfolded in 2021 when the Department of Justice and Constitutional Development became the unfortunate target of a ransomware attack. This incident, however, was just the tip of the iceberg.

Compounding the Department’s woes, the Information Regulator subsequently imposed a hefty R5 million fine due to their failure to renew antivirus software, which could have detected and thwarted the impending attack. This costly oversight underscores the need for a paradigm shift in how South African entities approach cybersecurity.

Read also: Kaspersky provides threat intelligence to INTERPOL to curb cybercrime

In a bid to shed light on the state of cybersecurity practices within South African firms across various market segments, Aon South Africa’s 2023 Cyber Risk Survey offers invaluable insights. This comprehensive survey endeavors to chart a course for the future by comprehending the rapidly evolving landscape of cyber risks, the corresponding solutions, and the legislative policies surrounding them. It serves as a beacon of forward-looking guidance tailored to the South African business landscape.

Zamani Ngidi, Cyber Solutions Senior Client Manager at Aon, commented on the survey’s significance, stating, “The survey offers commentary on the future direction of cybersecurity, given the rapidly evolving manner of the risk, its solutions and legislative policies, to provide forward-looking guidance to businesses from a South African perspective.”

The findings of the survey reveal a multifaceted cybersecurity landscape within South African companies:

Cyber Incidents

Alarmingly, 22% of respondents reported falling victim to cyber incidents in the past five years, underscoring the omnipresent threat.

Cyber Risk Management Tools

A notable 67% of participants have deployed cyber risk management tools, a step in the right direction towards safeguarding digital assets.

Board-Level Cyber Champions

However, only half of the respondents, a meager 50%, have a dedicated board-level cyber champion, highlighting a concerning gap in governance.

Cyber Insurance

Encouragingly, 72% of participants have opted for cyber insurance, recognizing the importance of financial protection in the face of cyber threats.

Kenya, Huawei Collaborate to Train Students on Cybersecurity 

More on the security concerns

A glaring concern highlighted by Aon revolves around the reactive nature of many companies’ approach to cybersecurity. Zamani voiced this concern, stating, “We question whether companies that have suffered a cyber-attack would have better cyber risk management practices in place than those who did not suffer an attack.”

Surprisingly, the survey findings seem to suggest that companies struck by cyberattacks tend to swiftly bolster their defences. Among the 22% of respondents who experienced a cyber incident, all subsequently implemented comprehensive cyber-related covers and tools, setting them apart from their counterparts, where mitigation controls witnessed less than 50% adoption.

Furthermore, the survey’s data reveals a disparity in cybersecurity readiness based on the revenue bracket of companies. It is evident that smaller enterprises, with revenue less than R100 million, exhibit a lower propensity for employing cyber risk management tools, standing at just 43%, compared to the robust 80% adoption rate observed among companies with over R100 million in revenue.

Ngidi offered insights into these disparities, suggesting two potential scenarios: smaller companies might perceive proactive risk management as cost-prohibitive, or there may be a misconception that cyber risks are primarily the concern of larger, more financially endowed entities.

In essence, South African companies are navigating treacherous cyber waters, often waking up to the perils of digital vulnerabilities only after experiencing a cyber incident. The Aon South Africa 2023 Cyber Risk Survey serves as a clarion call for a proactive approach to cybersecurity, urging businesses of all sizes to fortify their defenses against the ever-present and ever-evolving threat of cybercrimes. Failure to do so may leave them vulnerable to the staggering costs, both financial and reputational, that can accompany a cyberattack.