Cyberattacks a clear and present danger, insurer warns SA businesses

It has never been more critical for businesses of all sizes to move rapidly to secure their key IT systems and company and customer information.

That is the warning from insurer King Price as the world observes Safer Internet Day on Tuesday.

Last year saw a record number of data breaches, according to the Identity Theft Resource Center in the US.

Interpol estimates nine out of every 10 African businesses are operating without the necessary cybersecurity protocols in place, putting themselves and their clients at risk of huge financial loss.

“Many smaller businesses we talk to seem to think they won’t be targeted. They are wrong. What we’re seeing clearly is a trend where businesses of all sizes, in all sectors, are potential targets for cybercriminals.

“SMEs are often the weakest link as they don’t have the same level of protection as big companies,” said Minnaar Fourie, King Price commercial director.

Fourie said a cyberattack can literally put a small- to mid-sized company out of business. A 2019 IBM study put the average total cost of a data breach in SA at R43.3m.

Globally, an Inc.com study suggests 60% of small businesses close their doors within six months of an attack.

“Adding an extra layer of complexity is SA’s Protection of Personal Information Act, which fundamentally changed the way businesses deal with consumers’ personal information. If your business is hacked and you don’t have the correct procedures and safeguards in place, you could get fined by the regulator,” said Fourie.

“On top of that, anyone who incurred damages as a result of the breach could take legal action against the company for damages. We’re not even getting to the issue of reputational damage.”

While cybersecurity insurance is becoming increasingly common among local businesses, that is only one element of the precautions every company should be taking.

Apart from the security basics — having a firewall and enterprise-level antivirus software and regularly backing up data — the biggest step companies can take is to create greater awareness among their employees, said Fourie.

“It’s no use spending millions on security solutions if you don’t educate your people. When it comes to security, your people are the weakest link. They click on dodgy links. They use weak passwords. They let other people use their devices at home.

“Your best defence is to create an active cybersecurity culture that gets everyone in the business following basic security habits.”

TimesLIVE