According to SABRIC, the South African Banking Risk Information Centre, cyberattacks cost South Africa more than R2.2 billion a year and is on the rise. In the banking sector alone, they saw a 75.3% increase in digital banking fraud in 2018, a trend that is set to continue.
While all digital fraud is fraud, not all fraud is digital. It can, therefore, be helpful to understand the two main types of cybercrimes: digital theft and digital fraud.
Digital theft includes stealing money, personal information, or intellectual property and can involve ransomware attacks, malicious software, denial of service attacks or a number of crimes.
Digital fraud, on the other hand, is where an attacker penetrates an “open” door, typically through a customer or employee-facing access point and uses the organisations own processes to carry out the attack.
The best way to combat this is by using technology and software as a form of both prevention and cure for digital fraud cyberattacks.
Below we discuss some statistics around cyberattacks in South Africa and the most effective solutions currently being implemented.
In the Global Economic Crime and Fraud Survey 2018, released by PWC, they noted that a staggering 77% of South African organisations have experienced economic crimes, ranking number 1 globally ahead of Kenya and France.
South African businesses face an uphill battle in protecting themselves from a wide range of possible risks varying from customer fraud, bribery, and corruption, to intellectual property theft and cybercrime.
In fact, cybercrimes ranked 6th with 29% of respondents saying that they had experienced some form of cyberattack within the last 24 months. It also highlighted that they expected cyberattacks to have the most disruptive impact on their organisations in the next 24 months.
South African companies are, however, fighting back with 46% of businesses increasing their investments in cybersecurity and other measures to combat fraud. This aligns with a shift in thinking that the cost of proactively implementing preventative measures is far lower than the true cost of an attack.
Often cyber attacks occur because of a lack of awareness from customers and employees. Attackers leverage this by using advanced social engineering tactics to manipulate them into giving away sensitive data that can then be used to penetrate computer systems and networks.
Greater transparency and more committed involvement from leadership within an organisation can help curb this. Corporate culture and corporate controls account for 81% threat detection activities, showing that proactive initiatives designed to prevent attacks work.
The true cost of an attack expands wider than simply considering the actual cost, although the actual cost can be significant. 19% of organisations said they spent between 2 – 10 times as much on investigations as the original amount lost in the attack.
This is probably done in an effort to mitigate any additional negative impact from the attack. South African businesses have consistently ranked employee morale, business relations, and reputation/brand strength as the top 3 business elements that are at risk of being impacted negatively.
Unlike the costs associated with implementing new information security protocols or repairing computer networks, these elements are more subjective and often operate in the realm of public opinion and speculation, far away from a conventional business framework. This can make the true cost of an attack hard to contain.
It is inevitable that eventually, your organisation will suffer some form of attack, but perhaps there is an upside to this. Learning how to leverage small shocks can provide valuable opportunities for you to test and improve your systems.
83% of CEO’s reported that when a crisis or unplanned event is managed well they experienced no negative impact on revenue growth. This provides an effective measure for tracking the additional side-effects from changes in employees, customers, or other stakeholder relationships.
Any negative impacts outside of direct costs will eventually translate into losses in your financial statements. Learning from previous experiences and developing your organisations “muscle memory” to effectively respond during a crisis can help mitigate any additional side effects.
Businesses in South Africa face threats from a number of different areas but it’s the disruption and costs associated with cyberattacks that has business leaders most worried.
Businesses should also leverage the experience gained from any security breaches to strengthen their organisation and ensure they are able to mitigate the effect of any future attacks.
Although attacks are on the rise a proactive approach to cybersecurity can have a great impact with most business leaders agreeing that the true cost of a successful attack far exceed the implementation of preventative measures.