Every business is a digital business

Read time 2min 00sec
Nerushka Bowan, technology and privacy lawyer at Norton Rose Fulbright.
Nerushka Bowan, technology and privacy lawyer at Norton Rose Fulbright.

In an age when more devices are becoming 'sensorised', connected and intelligent, cyber risk is no longer only an IT issue or an industry-specific issue.

This is according to Nerushka Bowan, technology and privacy lawyer at Norton Rose Fulbright, speaking today at ITWeb's Governance, Risk and Compliance 2017 conference in Johannesburg.

According to Bowan, new phishing attacks are launched every 30 seconds globally and SA has one of the highest occurrences in the world.

"Part of the reason for that is the lack of a better compliance or better regulation culture in the country and also because we don't have laws that are enforcing it. So if you look at the POPI Act or the Cyber Crimes and Cyber Security Bill, we are moving in that direction but nothing is implemented as yet. So people are not implementing the safeguards that are in these pieces of legislation and therefore leaving us as a society vulnerable."

In her presentation, Bowan highlighted that the average total cost of data breaches in SA per annum stands at R28.6 million.

It is for this reason that she says every company should be taking the concept of digital risk seriously and doing so at the most appropriate senior management level.

"Every business is digital business, in our cyber crime world, hackers are going to hack us. Ignorance is not a defence. If you look at the composition of board members today, often people take the approach of I don't understand these kind of things, it's not my expertise, therefore somebody else can worry about it. That is a very dangerous position to be in, especially for people who are in positions where they need to make strategic decisions for the business," she said.

Bowan noted there are plenty of risks associated with big data, mobile, cloud computing, Internet of things, artificial intelligence and machine learning as these are all now part of the business structure.

Companies need to implement a legislative framework, pay attention to data security through staff training and ethics, and exercise privacy by design to achieve desired results, she emphasised.

See also