Subscribe
  • Home
  • /
  • Malware
  • /
  • Companies failing to mitigate cyber crime: report

Companies failing to mitigate cyber crime: report

Kgaogelo Letsebe
By Kgaogelo Letsebe, Portals journalist
Johannesburg, 01 Jun 2017
There is still a great deal of complacency about cyber crime in local markets, and this has to do with the fact that incidents in SA are grossly under-reported.
There is still a great deal of complacency about cyber crime in local markets, and this has to do with the fact that incidents in SA are grossly under-reported.

Companies are grappling with new risks such as cyber crime, and lack consensus on how to best prioritise and respond to them. This according to Aon's 2017 Global Risk Management Survey released this week by the risk management, insurance and reinsurance brokerage service provider.

The survey highlights that even though 53% of the respondents are adopting cyber risk assessments and 33% are transferring greater risk to the commercial insurance market, only 23% of companies employ any financial quantification within the cyber risk assessment process.

"Without measuring the actual financial impact of identified cyber threats, companies will not be able to adequately prioritise the capital investment in risk mitigation, nor will risk managers be able to convince a potentially less tech-savvy board of its importance. Much more progress is needed in the area of cyber risk control and mitigation to keep pace with the pervasive and fast evolving cyber threats that go hand in hand with the dizzying speed of technological innovation," indicated the survey report.

The survey was conducted in the fourth quarter of 2016 and gathered input from nearly 2 000 respondents at public and private companies of all sizes and across a wide range of industries globally. 'Cyber crime/hacking/viruses and malicious codes' was ranked the fifth top risk enterprises faced in today's world. Brand damage, economic slowdown, increasing competition and regulatory as well as legislative changes were placed number one to four respectively. Cyber risk was placed ninth in the 2015 survey.

Kerry Curtin, Business Unit Manager: Financial Institutions at Aon SA, says the evolution of the nature of cyber crimes is proving to be a challenge for companies. "Cyber crimes have evolved from stealing personal information and credit cards to staging co-ordinated attacks on critical infrastructures. As cyber crimes become more rampant, more costly, and take longer to resolve, companies need to improve their risk readiness with the acceptance that cyber security risk management is a critical part of doing business across industries, and needs to happen as part of an enterprise wide risk management strategy," he said, adding that rapid changes in digital transformation continue to create more cyber vulnerabilities, triggering exposures across the business so quickly that companies find it challenging to deploy timely and adequate risk management strategies.

Curtin explains that a further contributing factor is that there is still a great deal of complacency in local markets, and this has to do with the fact that incidents in SA are grossly under-reported and kept under wraps despite the country being in the top three in the world when it comes to cyber crime attacks.

Dr Jabu Mtsweni, research group leader for cyber defence at the CSIR, adds that data breaches and general cyber attacks continue to remain unreported by organisations due to fear of reputational damage and suchlike in SA and that this trend is creating a "false sense of security" and the incorrect perception that SA in not badly affected by cyber attacks.

"Recently, it has been shown that there are a lot of data breaches that continue to wreak havoc in South African organisations but these are not reported when they happen and users affected by these data breaches are not even informed. A recent example includes a data breach from Ster-Kinekor that affected over 6 million personal customer records. This information only came to the public via a third party," he said.

In 2016, Control Risks Riskmap reported that SA was the top target for cyber crime in Africa. According to the report, the five African nations with the highest number of active malicious IP addresses were South Africa, Egypt, Kenya, Tunisia and Botswana.

Share