06 Nov 2017

Cybersecurity Risk Exposure and Management: How Safe is Your Company From Cyber Attacks?

by Quintus van der Merwe, Partner, Durban,
Practice Area(s): Shipping & Logistics |

Cybercrime is an increasing global threat which has caused substantial damage over the years to public and private companies such as Maersk, Google, Yahoo, Rosneft, FedEx and Telkom. Cybercrimes can take the form of data loss, data breaches and data ransom. South Africa reportedly has the third highest number of cybercrime victims worldwide, losing about R2.2 billion a year to cyber attacks and suffering more cyber attacks than any other African country. These cyber-attacks cause major disruptions and have serious financial implications for companies and their clients.

It is estimated that the global cost of cybercrime will reach $2 trillion by 2019. Interestingly, a leading study showed that 48% of data security breaches are caused by acts of malicious intent, and that human error or system failure account for the rest. Also, for commercial reasons, many losses and data breaches are not reported

South Africa has introduced legislation such as the Cybercrimes and Cybersecurity Bill and the Protection of Personal Information Act 4 of 2013 (“POPI”) to minimise these threats. Some of the prominent features of the Cybercrimes and Cybersecurity Bill include criminalising cybercrime and regulating jurisdiction. The POPI Act promotes the protection of personal information by requiring public and private bodies to comply with certain standards from the time personal information is collected to the point of sharing. POPI also regulates the right to protection against the unlawful collection, retention, dissemination and use of personal information.

So, what can you do? Effective cyber management includes following available guidelines (such as POPI), conducting regular risk assessments, adequate staff training, implementation of the correct IT systems, (including firewalls and antivirus), specific insurance cover and liability management in terms of third-party contracts – you need to consider the strength of your company’s own defence systems as well as the systems of any third parties you work with and limit your contractual liability accordingly.