POPIA deadline looms but SA may not be ready
Organisations have until 1 July 2021 to ensure they comply with all sections of the Protection of Personal Information Act (POPIA), but many may not be ready.
This is according to Anna Collard, SVP of Content Strategy & Evangelist for KnowBe4 Africa, who was speaking ahead of a KnowBe4 webinar on South Africa's state of data protection, to be held on 26 November.
Collard notes that the KnowBe4 research in Africa has found that organisations across the continent are generally not prepared for cyber threats.
“KnowBe4’s African edition of its annual ‘What Keeps You up at Night Report’ is the result of surveys conducted in 18 African countries, asking more than 500 organisations about their concerns across a variety of security topics across six main categories – cyber threats, compliance security, security initiatives, users, resources and executive issues,” she says.
“African organisations are being targeted more actively by cybercriminals, to the level that it’s one of the fastest-growing regions in terms of cybercrime, but when you get down to the specifics, the differences between the survey’s continental averages and its three biggest Sub-Saharan economies are quite striking. In terms of the key findings, negligent users and remote workers were top concerns for African organisations, with 96% worried to some degree.”
Collard says ransomware tops the list of attack types, with 96% of African organisations expressing some degree of concern. Adequate budget appears to remain a challenge for 91% of organisations, impacting proper IT and security staffing, implementing solutions, and maintaining relationships with key vendors.
Security and data protection should be a top priority for organisations ahead of the final POPIA deadline, she says.
“Remote working is still very much a reality in SA and this will impact local organisations' ability to adequately protect their personal information. According to the KnowBe4 Data Protection Survey, when it comes to the preparedness of their organisation for POPIA compliance, just under a third of the respondents (30%) indicated they are well prepared, while 39% said they were “somewhat” ready, but more work needs to be done. 14% of the respondents have only just started, while 8% admitted they are not prepared at all.”
Collard says the top three privacy programme elements that respondents have conducted to move towards compliance are to educate staff (67%), to tighten technical controls (61%) and to identify their personal information assets (66%).
KnowBe4 Africa, in partnership with ITWeb, will host an interactive webinar this week to share the results of the surveys above and discuss the state of data protection readiness in South Africa.
For more information, and to register for this event, follow this link.