We often hear the phrase “data is the new oil.” If that’s the case, then South African businesses are haemorrhaging money faster than you can say “cybersecurity.”
A recent IBM report reveals that the average cost of a data breach in South Africa has skyrocketed to a jaw-dropping R63 million.
That’s enough to buy several small islands. Or, more practically, implement a robust cybersecurity system that could have prevented the breach in the first place.
The cost of data breaches in South Africa
The 2024 Cost of a Data Breach Report, now in its 19th year, was released this month. It paints a grim picture of the cyber landscape in South Africa…
While we might pride ourselves on our braai skills and rugby prowess, our digital defences are about as effective as windshield wipers on a submarine.
Let’s break down the nitty-gritty of these costly calamities:
Compromised login deets
The usual suspects include stolen or compromised credentials were the most common initial attack vectors, accounting for 17% of all cyberattacks.
These digital break-ins cost companies an average of R56 million per breach. “Password123” isn’t cutting it anymore, folks.
Phishing attacks
Let’s not forget phishing attacks, the digital equivalent of those emails from long-lost Nigerian princes. These breaches made up 12% of cases, with an average cost of R56.31 million.
Apparently, South Africans are still falling for the digital equivalent of “Is your refrigerator running?”
(Giving away my age here but this is a prank call joke. If they replied “yes”, the prankster would say: “Well, you’d better go catch it!”)
Business email drama
Business email compromise (BEC) was the most expensive entry point at R63 million per breach. These breaches account for 10% of cases studied in South Africa.
The report doesn’t go into detail (with good reason), but BEC typically involves hackers impersonating a manager, CEO, or other high-level executive
And finally, multi-environment breaches accounted for a whopping 49% of cases. There are incidents incidents where the compromised data was stored across a combination of different storage types.
Think public cloud, private cloud, and on-premises systems. These breaches result in losses of up to R59 million on average, and it takes the longest to identify and contain – about 263 days.
That’s longer than it takes for a government service to process your passport application. but I digress.
Sadly, most businesses struggle to recover. See image below.
ALSO READ: What the heck happened at Microsoft…?
Industry breakdown: Who’s bleeding the most?
Financial services are hit the hardest, with an average breach costing approximately R75.31 million. Turns out, money really does attract trouble.
The industrial sector comes in second at R67.26 million per breach. That means our factories and industrial plants are as vulnerable as they are vital.
The hospitality sector rounds out the top three at R61.76 million. Who knew hackers were so interested in our holiday plans.
The silver lining (if you squint really hard)
Before you pack up and move to a remote island with no internet connection, there is a glimmer of hope.
South African organisations needed an average of only 227 days to identify and contain incidents. This is 31 days below the global average of 258 days.
So, we’re not the worst at everything!
However, teensy tiny victory is overshadowed by the fact that South Africa ranks as the 14th most expensive country for data breaches out of the 16 countries studied.
We’re sandwiched between Australia and India.
Cybersecurity skills gap
According to the report, one of the key factors amplifying breach costs is the security skills shortage.
It’s like trying to fight a wildfire with a garden hose – we simply don’t have enough trained professionals to man the digital watchtowers.
South Africa needs to address the urgent need for robust cybersecurity measures, which, yes, does include AI-driven security solutions.
What can businesses do?
First and foremost: invest in training to upskill your existing workforce. Then, hire cybersecurity professionals. Yes, they’re expensive, but not as expensive as a R63 million breach, hey?
The multi-factor authentication horn as been tooting for years, but it needs repeating: Activate 2-factor authentication. Just do it. Please.
It’s like adding a moat to your digital castle.
Do regular security audits to find out where your vulnerabilities lie. And please, just embrace AI-driven security solutions.
Clearly, the AI overlords are smarter than us when it comes to this.
And finally, something we still clearly lack: create a culture of cybersecurity. Everyone from the CEO to the intern should be aware of cyber risks and best practices.
How do we stack up globally?
While R63 million per breach is nothing to sneeze at, it’s small change compared to the United States, where the average breach costs a staggering US$9.36 million (about R178 million).
The Middle East comes in second at US$8.75 million (R166 million).
However, this is cold comfort. Our lower breach costs likely reflect our smaller economy. It is definitely not a reflection of our superior cybersecurity practices.
We’re still losing millions, and for many South African businesses, a R63 million hit could be a knockout blow.
A wake-up call
The IBM report should serve as a klaxon alarm for South African businesses. We’re facing a perfect storm of sophisticated cyber threats, a skills shortage, and complex IT environments.
It’s time for South African businesses to step up their game. Data is currency, after all; we need to be the Fort Knox of the digital age, not the unlocked car with the keys in the ignition.
R63 million buys a lot of braai meat – let’s make sure it stays in our pockets, not in the hands of cybercriminals.