According to the office of South Africa’s Information Regulator, advocate Pansy Tlakula, local companies report at least 100 cyber security breaches every month. From October 2022 to June 2023, Tlakula received 1021 data breach notifications, averaging 113.4 incidents every month.
Tlakula’s office, which is tasked with ensuring that organisations put in place measures to protect the confidential data of their customers in accordance with the Protection of Personal Information Act (POPIA), believes the massive spike in data compromises is the result of the over-processing of data and customer information.
The current statistics highlight the dire need for cyber security training and solutions in South Africa, especially for enterprises and companies that process massive volumes of data. 4C Cyber Security offers various services designed to protect businesses from online threats. These include risk assessments, vulnerability management, compliance management and user awareness training.
How the Information Regulator works
Under POPIA, all businesses are required by law to notify the Information Regulator of any data leaks or cyber breaches that could expose the information of South Africans to unauthorised third parties. Failure to do so could result in fines or criminal prosecution, depending on the seriousness of the incident.
“Every public body, every private body that has suffered a security compromise or data breach has to notify us – there is no threshold. Even if one person was breached, they still have to notify us,” explains advocate Tlakula. “I think we are one of the highest in the world with data breaches,” she adds.
Upon any data breach report, the Information Regulator will begin investigations to determine if there was any non-compliance with Section 19 of POPIA. This is a complex process with many variables that could take several months or years to complete. The findings are then presented to the police and prosecutors in cases where negligence is found.
Data breaches on the rise
According to the Council for Scientific and Industrial Research (CSIR), data breaches cost the South African economy R2.2-billion every year. These security incidents vary in scale and impact, but at least 100 breaches have been reported every month in 2023.
Businesses should not assume that they will be unaffected by cyber security incidents. Even the government is not immune; the Western Cape Provincial Parliament (WCPP) suffered a data breach in June 2023. The government advised stakeholders, including media representatives, members of the Consular Corps, job applicants and service providers, that their personal information may have been compromised.
The WCPP issued a statement saying that “the WCPP is proceeding on the assumption that some or all of its data has or may have been leaked. This also applies to personal information, such as names, e-mail addresses, telephone and cellphone numbers, identity numbers, bank account information and financial statements held by the WCPP.”
With the rise in data breach reports, it’s important to remember that there may be incidents that go unreported. This spike may be an indication that local businesses are becoming more aware of their responsibilities to report data breaches to the Information Regulator and other authorities.
Companies in South Africa should take steps to ensure that they protect their customers’ data and the information of partners and stakeholders. Working with cyber security professionals will ensure employees are trained in the skills and knowledge required for their jobs and that IT systems are protected by security software.
4C Cyber Security will help you understand and prioritise risks, identify and remediate vulnerabilities, and meet compliance requirements. With our help, you can rest assured that your business is well-protected, even in the face of an ever-changing threat landscape. If you’d like to find out more about these offerings, please contact us today.
At 4C Group of Companies, we strive to effect operational changes and cost savings for customers through our iNSight product and associated services. This product’s main function is to re-purpose and deliver business-critical information to a variety of systems and stakeholders.
We specialise in information management, business assurance, fintech solutions and a variety of cyber security services. For more insights into our products and services, check out our blog page or follow us on Facebook, LinkedIn and Twitter.