/ 14 October 2023

SMMEs lose R49 million annually to cyber breaches


October is Cybersecurity Awareness Month and experts in the insurance field say 90% of African businesses are operating without the necessary protocols, putting themselves and their clients at risk of massive reputational and financial losses. 

The IBM annual Cost of a Data Breach Report shows that breaches have set back local companies an average of over R49 million each year in South Africa, yet many businesses still ignore the threat.

A report by cybersecurity company Kaspersky said spyware attacks in South Africa increased by 18.8% between the last quarter of 2022 and first quarter of 2023 and were up 12.9% and 14.6% in Kenya and Nigeria, respectively.

Commercial partner at King Price Insurance George Parrott said cybercrime has become one of the biggest risks to business survival in the country’s small, medium and micro enterprises (SMME) sector.

“Businesses, especially in the SMME sector, are more prone to attacks as what they spend on firewalls and security solutions just can not match the tools that cybercriminals have at their disposal. 

“Some business owners may mistakenly think that, because they store their sensitive data in the cloud, the cloud platform operator is responsible for that data but that isn’t the case,” said Parrott.

He shared some tips and highlighted the importance of being proactive to ensure that the correct processes and protections are in place.

He said awareness is the most important aspect of cybersecurity. 

“You can have all the security and firewalls in the world but they count for nothing if one employee clicks on a dodgy link in an SMS or an email. 

“I cannot stress how important it is to not only have a strong remote working security policy, but also to constantly keep security top of mind with every single employee.” 

Parrot said businesses must update their security software and install it correctly.

“When your device is in the office, and connected to the company network, security updates are installed automatically. 

“Away from the office, it is the ‘Wild West’, with many remote employees either postponing, or altogether avoiding, installing updates. You have to make it as easy as possible for your people to stay updated, otherwise you are putting yourself at risk,” he said.

Businesses should not wait for an attack to happen before action is taken.

“Good password hygiene, multi-factor authentication, training, back-ups, awareness and cyber insurance can all help to mitigate the impact of a cyberattack and these days it is best to make use of as many of these tools as possible.

“This highlights the need for continuous training of employees but, even here, training can only go so far. The fact is that cybercriminals are constantly improving their methods of attack and compromise through the use of emerging and ever-evolving technologies.”