Tech innovations can endanger companies
Nearly three-quarters (74%) of local C-suite executives believe cyber risks will grow substantially, as firms in SA harness the latest technologies to become more connected, intelligent and autonomous.
This is according to new research from Accenture, titled: Securing South Africa's Future Enterprise Today.
The study of over 1 400 C-suite executives from around the world included more than a hundred respondents from SA. It highlights that new technologies are arriving before companies have developed a broad perspective on the cyber risks, responses and remediation plans that are required in the new business environment.
This includes technologies such as artificial intelligence (AI), machine learning, Internet of things (IOT), robotic process automation, autonomous machines, drones and cloud computing.
"Companies are not hesitating to race ahead with investments in new tech-enabled ways of doing business, often in response to competitors and 'disruptors' in their markets," says Accenture. "But there is a disparity between what C-suite executives say are the emerging areas of concern and the cyber security strategies employed."
Artificial intelligence threat
More than 85% of South African executives point to cyber security concerns regarding AI, making it the riskiest new technology, in their view.
The survey further found that close to 90% of executives in SA are looking to, or have already, adopted new digital technologies like the cloud and IOT.
Around 77% of global respondents cited IOT as the technology that will increase cyber risk moderately or significantly. In SA, 85% cited IOT as a potential source of cyber risk.
"Ninety-two percent of companies in SA base their cyber security investments solely on today's known risks and cyber security needs, and do not consider future business needs in the investment plans," says Yusof Seedat, head of global geographies for Accenture Research.
"The same AI technology that enables banks, for instance, to create sophisticated profiles of individual consumers to customise loan offers can also be used by hackers to track consumers' online activity to steal account passwords."
As far as data management is concerned, top executives in SA are highly concerned about the potential dangers of sharing data with third-parties.
Nearly 60% of respondents said they expect data exchanges with strategic partners and other third-parties to raise cyber risk, and 90% of C-suite leaders anticipate the number of third-parties and strategic partners in their ecosystems will increase in the next three years.
While companies believe the growing volume of data exchanged with third-parties is a risk, few attempt to ensure data integrity beyond their own operations.
In terms of smart devices, companies expect to make and sell many more connected consumer devices, including connected cars and smart appliances like wearable health monitors and Internet-enabled pacemakers.
"These products, however, introduce potentially catastrophic cyber risks which expand the risk from monetary and reputational loss, to possible loss of life and physical disruptions," says Wandile Mcanyana, Accenture security senior manager for Africa.
With more businesses relying on application programming interfaces (APIs), for instance, almost two-thirds (64%) of South African respondents say it will increase cyber risk. However, only 20% believe open API technology is protected by their cyber security strategy, indicating a wide gap of 44% between awareness of risks and their protection.
Planning to win
Only 29% of chief information security officers in SA (40% at global level) said establishing or expanding an insider threat programme is a high priority.
According to Mcanyana, companies should develop a coherent cyber strategy and investment plan that focuses on the key issues of data governance and protection.
"Companies must make security a top priority in the design and development of connected products and services. Companies should work with partners to establish mutually accepted rules, among numerous other solutions. The reality is increasingly sophisticated cyber attacks can cripple businesses and the reputational damage alone can impose significant indirect costs, like the loss of customer loyalty," adds Mcanyana.
"The connected, intelligent, autonomous business of the future needs pervasive cyber resilience to keep cyber attacks from crippling their business. Simply put, security needs to be baked into everything the organisation does."