Despite spending more on cyber security, companies don’t feel protected

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 03 May 2022
Arthur Goldstuck, CEO of World Wide Worx.
Arthur Goldstuck, CEO of World Wide Worx.

Although nearly three quarters of SA's top 100 corporates are investing more in cyber security than the industry average, an almost equal proportion do not feel fully protected by their existing cyber security strategy.

This was one of the findings of “The State of Cybersecurity in South Africa”, a study conducted by World Wide Worx on behalf of Intel and Dell SA, that surveyed IT decision makers and C-level execs from 100 companies.

When asked how much they invested in cyber security relative to what they saw as the industry average, 68% of companies said they had invested above the industry average.

“This suggests there is a fairly high level of significance attached to cyber security,” says Arthur Goldstuck, CEO of World Wide Worx. “In fact, of those, 27% said they were well above the industry average and were industry leading in terms of the investment in cyber security.”

Security and business strategy

However, he says the key question that goes hand in hand with how much they have invested is how important cyber security is to overall business strategy.

“This reveals extent to which organisations understand how important cyber security is not just to keeping the lights on, but to growing the business and achieving the business goals,” adds Goldstuck.

Five years ago, maybe half of the respondents would have said that cyber security is critical to business strategy, but in 2022 91% of enterprises said that it's highly important in business strategy and a further 8% said somewhat important, in other words, 99% of major enterprises consider cyber security as critical to their business strategy or important in their business strategy.

Bryan Turner, senior data analyst at World Wide Worx, says the report also focused on security frameworks and how corporates make use of them. “When we asked the corporates which security frameworks they used, a large proportion of them took a mixture of approaches using several different solutions together."

 Around 60% of the businesses who participated in the survey had hired external companies to manage their cyber security while another 40% said that they were using internally managed off the shelf solutions.

Data insurance

Turner says cyber security is like data insurance – if a corporate doesn't pay for it, they'll likely be sorry.

“When looking at actual solutions, there seems to be a consensus on one technology in particular – VPN access to internal systems. And overwhelming 98% of corporates said they use this technology which has become far more popular since the onset of remote working. In addition, cloud platform managed security also came out on top, showing once again how important it is to have a remote working setup that is cloud first."

In addition, the overwhelming majority (99%) of organisations are aware that disaster management is crucial. “This figure must, however, be seen in the context of only 40% of large businesses using multiple solutions to protect, backup, and replicate their data in the event of disaster. That said, most respondents (99%) had not experienced cyber attacks that led to financial loss,” adds Turner.

The 1% that experienced loss after a data leak provide a useful case study of security stances after an attack: these businesses had their systems compromised before the onset of remote working, indicating that no matter how a corporate geographically locates its employees, it remains vulnerable. The event, says Turner, cost this entity a whopping one million rand, just on a data leak alone.