Cyber crime’s annual impact on SA estimated at R2.2bn

Simnikiwe Mzekandaba
By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 04 Apr 2023

At the moment, South Africa doesn’t look great when it comes to incidents related to cyber crime.

This was the word from Billy Petzer, research group leader: cyber security systems, at the Council for Scientific and Industrial Research (CSIR).

The CSIR hosted a hybrid information session this morning under the theme: “Cyber crime and South Africa: An introspective look”.

The session focused on cyber crime trends and cyber-related incidents the CSIR is witnessing across the country, and their impact on business, government and the public.

Presenting insights from the CSIR’s research, Petzer noted the impact of cyber crime on the South African economy is estimated at R2.2 billion per annum, which he said is quite significant.

He said the country is the eighth most targeted in the world for ransomware, with more than half of South African firms impacted by ransomware in the past year.

Additionally, there have been quite a few cyber attacks on the local front recently, including credit bureaus, healthcare and retail groups, several government departments, as well as highly-organised DDoS attacks on South African banks, he indicated.

Given this, Petzer said the CSIR anticipates a marked increase in attacks on local government departments this year.

Cyber crime has been marked as one of the biggest risks for businesses in the country for the year, he indicated. “Businesses plan to spend 22% more on cyber security in the next three years.

“Businesses are taking note – there is a huge emphasis on investing in security capabilities and technology skills, but the risks will remain.

“We also expect the proliferation of ransomware will continue. It’s been quite rife in past years and we don’t expect ransomware to go away anytime soon.”

Petzer noted that cyber crime against children is also on the rise. “Things like people talking to children online, trying to coax them into either sharing information or pictures. We need to be aware of how our children interact with technology.”

South African complexities

While some may reason that cyber crimes and cyber attacks are an issue the world over, in SA, the security challenges are further compounded by the unique local landscape, Petzer stated.

“We have quite a complex socio-economic landscape; we are by all accounts the most unequal country in the world, so we have a high rate of poverty and unemployment. These things serve to drive crime rates.

“It also results in a big vulnerable population. Since that vulnerable population tends to earn below [a certain threshold], people can’t recover as easily from any incidents of fraud, financial theft or cyber incidents.

“An impact on a vulnerable individual is much higher than on a more affluent counterpart.

“We tend to put a higher priority on our socio-economic challenges than on our technological challenges, and we should. We don’t have as much money and capacity to focus on technological challenges and cyber security.”

Petzer also listed SA’s high adoption of technologies and devices, like smartphones and the internet, among some of the critical unique factors. The country’s large youth population also tends to drive the adoption and uptake of technologies and online services even further.

Conversely, the general population is not tech-savvy, and doesn’t have the training and awareness needed to interact with devices in a safe and secure way, he commented.

Overcoming skills challenges

According to Petzer, there is a massive skills gap in cyber security. He noted the demand is quite high, with cyber security consistently ranking among the top five most in-demand IT fields.

Referencing Kaspersky findings, he said 87% of organisations in SA currently don’t have adequate cyber security skills to provide protection.

Further, the estimated global shortfall of cyber security professionals is 2.27 million people. “We need to focus on building the pipeline. We all want to get cyber security skills immediately – to fix the immediate problems – but we need to focus on the long-term as well.

“This challenge will stay with us for many years to come.”

The CSIR researcher suggested a concerted effort to increase the pipeline. “We need to invest in sponsorships, training and bursaries, and we must also realise cyber security is not just technical knowhow.

“A lot of soft skills have quite a big role to play in the cyber security domain. Security is not just technology…people and processes are quite a big component.”

He also suggested lowering barriers to entry, promoting visibility of the field and accessibility. “We must place a bigger focus on promoting inclusion and diversity in our organisations, the sponsorships that we award and the people given opportunities in the field.

“We also need to realise security roles can often be learnt on the job, so we need to give people opportunities.”