Millions of companies have been left vulnerable in the wake of the South African Companies and Intellectual Property Commission’s (CIPC) recent cybersecurity breach which saw personal information being unlawfully accessed and exposed.

A statement released by the agency said: “The CIPC is not the only organisation that has been subjected to such a breach…there has been a massive increase of cyber-attacks within South Africa and it would seem that as a jurisdiction, we are being targeted.”

In light of this and despite the view held by many of the country’s small and medium-sized enterprises (SMEs) that their ventures are too small or unimportant to be targeted by cybercriminals, the reality is that 43% are victims of cyberattacks annually, according to Accenture’s Cost of Cybercrime Study.

“A mere 19% of South African companies are ready to defend themselves against cybersecurity threats. It’s unsurprising then that SMEs are particularly vulnerable to attack, due, in part, because small businesses are more likely to run consumer-grade security software rather than business or enterprise-grade, but also because they are more complacent about the risk,” says Reabetswe Motsamai, marketing and communications manager at MakwaIT Technologies.

Maritza van Wyk, small and medium business sales leader: sub-Saharan Africa at Cisco, adds that even the smallest enterprises hold sensitive information such as email addresses, credit card details, and health records. “In the wrong hands, this data can wreak havoc, costing individuals their financial security and peace of mind.”

While the latest Cisco Cybersecurity Readiness Index has revealed that 78% of South African organisations have plans to increase their cybersecurity budget by at least 10% over the next 12 months, Motsamai argues that this may not suffice, particularly when one considers the cost of cybercrime.

“This can include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, fraud, forensic investigation, restoration and deletion of hacked data and systems, as well as reputational harm. All told, being unprepared for an attack can set companies back by between $1-million and $9-million, equating to over R19-million and R171-million. It’s not surprising then that 60% of small businesses that experience a significant cyberattack or breach go out of business within six months of the event.

“Unfortunately, cyberattacks are only set to intensify in future and cyber criminals will continue going after targets that have not taken proper precautions,” she warns. “SMEs need to be proactively investing in the right tools now to ward these off instead of reactively once an incident has occurred, by which time it’s too little too late.

“Moreover, with 45% of South African IT departments saying that they don’t have the skills and capacity to tackle cyberthreats, it is critical that SMEs invest in end-to-end security solutions that involve a combination of the right systems and professional services. This effectively creates an IT department which these businesses tend to lack, helping them to bump up their threat mitigation capabilities,” notes Motsamai.

She points out that over and above mitigating cyberthreats, this allows for more efficient business operations and, in turn, better business outcomes. The most recent State of Cybersecurity Resilience report reveals that those organisations which closely align their cybersecurity programmes to business objectives are 18% more likely to increase their ability to drive revenue growth, increase market share and improve customer satisfaction, trust and employee productivity.

The report also highlights that organisations which embed key cybersecurity actions into their digital transformation efforts and apply strong cybersecurity operational practices across the organisation are nearly six times more likely to experience more effective digital transformations than those which don’t do both.

“Companies must look to cybersecurity as a strategic ally, not just a shield, particularly as the digital world continues to evolve, and with it, cybercrimes,” emphasises Motsamai.

“Additionally, cybersecurity must be prioritised to safeguard not just businesses, but the livelihoods and trust of those they serve,” further stresses van Wyk.

Motsamai concludes by saying: “SMEs play a critical role in driving economic growth – contributing meaningfully to job creation, innovation and overall prosperity. If they are to lead South Africa on the path to economic recovery, they should be adequately protected to ensure their survival and success.”