South Africa ranks as one of the most vulnerable countries in the world for cyber-attacks, yet local businesses are largely discounting this risk and not protecting themselves adequately in this regard.
Roy Wright, head: risk solutions at financial advisory group GTC, believes small, medium and micro enterprises (SMEs) are especially exposed to the dangers of cyber-crime.
“While unseen, crime in cyberspace presents one of the biggest threats to businesses today,” says Wright. “A report by AT Kearney has revealed that South Africa is the third most vulnerable country in the world for cyber-attacks, and the most vulnerable in Africa.”
According to a recent Global Economic Crime Survey by PwC, cyber-crime is also now the fourth most reported economic crime.
Wright says that many smaller business executives believe that only large corporations are at risk of being attacked in cyberspace and as a result, they may find themselves inadequately covered for the risks associated with crimes committed in the digital sphere.
“South Africa has had several high-profile incidents of cyber-crime that have affected many consumers, but this does not paint the full picture,” adds Wright. “A CareersinAudit.com survey found that 90% of SMEs globally are vulnerable to cyber-attacks and other IT threats.”
While the monetary damage to large corporations is considerably higher, Wright believes cyber-crime presents an equally significant risk to smaller businesses.
In some of the more publicised incidents over the past few years, the networks of well-known companies have been infiltrated and sensitive information leaked.
“There are, however, numerous other risks which could be devastating for a small or medium-sized business,” warns Wright. “This includes an erosion of trust and confidence in the business, revenue losses, as well as serious damage to the reputation of the business. These elements can take years to rebuild.
“In addition to these risks, the costs relating to investigations into the incident, the recovery of data, as well as legal action that can be taken against the company could be enough to seriously harm the future of a growing business,” he adds.
Wright says these costs are often essential to restore the functionality of a business in the event of a cyber-attack.
“Many companies mistakenly believe that their general insurance will protect their business against the risks of cyber-crime. GTC urges companies to pay careful attention to their specific cover and policy wording.”
According to Wright, general insurance policies would likely provide cover for risks associated with the normal course of business, but they are not designed to protect against the losses emanating from hacking and other data breaches by cyber criminals.
“Cyber insurance is designed to target the risks which are directly associated with cyber -ttacks and provides remedial assistance to an organisation whose data has been stolen, damaged and/or shared illegally.”
He cautions that merely investing in IT infrastructure is not enough anymore.
“IT expenditure is costly at the best of times, but the additional cost of employing people with specialist skills in forensic investigations, as well as restoring data and systems could cripple a small business.”
Wright concludes that it makes more sense for companies to invest in ‘peace-of-mind’ to ensure the longevity of the organisation, which is critical for the growth of South Africa’s vital SME sector.
“Specialist cyber cover would ensure that a business – regardless of its size – has adequate protection in the event of a cyber-attack, and that such events cause the least possible disruption in business operations.”