Nearly three-quarters of C-suite executives in South Africa believe that cyber risks will grow substantially in the next few years as businesses harness new digital technologies to become more connected, intelligent and autonomous, according to new research from Accenture.
The study of over 1 400 C-suite executives from around the world included more than a hundred from South Africa. It highlights that new technologies will “raise cyber risk” if the gap between the new risks that companies take on and their cybersecurity strength widens.
The survey finds that close to 90% of executives in South Africa are looking to, or have already, adopted new digital technologies like the cloud and internet of things (IoT).
“The fast adoption of new technologies may be all the rage, but it comes with significant risks if companies do not update the way they plan and execute cybersecurity. For example, 92% of companies in South Africa base their cybersecurity investments solely on today’s known risks and cybersecurity needs, and do not consider future business needs in the investment plan,” says Yusof Seedat, head of global geographies for Accenture Research.
Additionally, the survey finds that a higher proportion of SA executives (85% vs. 77% for global executives) cite IoT as a potential source of cyber risk. This technology is set to grow exponentially as it will allow companies to, among others, control factory machines and manage physical environments.
Notably, more than 85% of South African executives point to cybersecurity concerns regarding artificial intelligence (AI), making it the riskiest new technology in their view. “The same AI technology that enables banks, for instance, to create sophisticated profiles of individual consumers to customize loan offers can also be used by hackers to track consumers’ online activity to steal account passwords,” says Seedat.
Given the intersection of AI, machine learning and big data within businesses, Seedat says companies will need to address both security and privacy risks.
Top executives in South Africa are highly concerned about the potential dangers of sharing data with third parties.
In the survey, nearly 60% of respondents said they expect data exchanges with strategic partners and other third parties to raise cyber risk, and 90% of C-suite leaders anticipate that the number of third parties and strategic partners in their ecosystems will increase in the next three years.
In the digital marketplace of the future companies expect to make and sell many more connected consumer devices, including connected cars and “smart” appliances like wearable health monitors and even internet-enabled pacemakers.
“These products, however, introduce potentially catastrophic cyber risks which expand the risk from monetary and reputational loss to possible loss of life and physical disruptions,” says Wandile Mcanyana, Accenture Security senior manager for Africa.
In addition, there are more that companies can do to build security knowledge among employees and create a “security-first” culture that will support pervasive cyber resilience.
Only 29% of chief information security officer’s (CISOs) in South Africa – fewer than the low 40% at global level – said establishing or expanding an insider threat program is a high priority. It is imperative businesses close the gap between risk and protection, with the survey data exposing a consistent pattern of gaps between the awareness of growing risks and the protection afforded by current cybersecurity strategies.
With more businesses relying on application programming interfaces (APIs), for instance, almost two-thirds (64%) of South African respondents say it will increase cyber risk. However, only 20 percent said that open API technology is protected by their cybersecurity strategy — indicating a wide gap of 44 percentage points between awareness of risks and their protection. In South Africa, wide gaps are also found in smart products and customer data, and the BYOD/virtual work environment.
According to Mcanyana, companies can start winning the war against cybercrime by developing a coherent cyber strategy and investment plan that focuses on the key issues of data governance and protection.
According to Accenture, five key ways to begin building pervasive cyber resilience are: make the business leader a trusted security partner; make the security leader a trusted business enabler; make employees part of the solution; be an advocate for customer protection; and think beyond your enterprise to work with ecosystem partners to jointly protect organizations. The survey found that CISO and business leaders collaborated on a cybersecurity plan and budget at only 34% of South African respondent companies.
“Companies must also make security a top priority in the design and development of connected products and services. Companies should also work with partners to establish mutually accepted rules, among numerous other solutions. The reality is increasingly sophisticated cyberattacks can cripple businesses and the reputational damage alone can impose significant indirect costs, like the loss of customer loyalty,” says Mcanyana.
“The connected, intelligent, autonomous business of the future needs pervasive cyber resilience to keep cyberattacks from crippling their business. Simply put, security needs to be baked into everything the organization does,” he adds.