SA companies lose on average R36 million every time they get hacked
- A new report by IBM shows that the average cost of a data breach in South Africa is R36.5 million.
- More than 21,000 records have been breached in the year to 2018.
- Worryingly, it takes an average of 150 days to identify a data breach.
Cyber criminals appear to be winning the war of cyber security as they put South African businesses to the sword.
According to the latest IBM study, titled Costs of Data Breaches Increase Expenses for Businesses, the average cost of a data breach in SA is R36.5m, up from R28.6m in 2016.
The study, conducted by the Ponemon Institute on behalf of IBM, found that the 21,090 breached records over the year to 2018 represented a 12.2% increase in value from the 2017 report.
The study calculated the cost of breaches based on interviews with companies that analysed the impact of technical investigations, legal activities, lost business and reputational damage.
"While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified," said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS).
Liberty Holdings announced a major hack in June as cyber criminals attempted to blackmail the insurance firm with a data ransom demand.
Hackers also defaced the Presidency's website on Saturday, July 7, though no data leak was reported.
Companies face serious risks in terms of a data breach and employees are usually the first target for cyber crooks.
According to the Symantic Internet Security Threat Report, spear phishing (targeted fraudulent emails) are the most common methodology that crooks employ - used by 71% of organised groups in 2017.
"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake," said Whitmore.
At 45%, criminal attack makes up the highest portion of data breaches, followed by human error (30%) and technical glitches (25%).
Worryingly though, it takes an average of 150 days to identify a data breach, but with criminal attacks specifically, identification takes 163 days and containment around 45 days.
For South African companies, the detection costs jumped from R9.5m in 2016 to R12.3m in 2018.
Data Breaches by the numbers
Cost of breaches
Number of records
Time to identify
Detection and escalation costs
Cost per stolen record
Watch this video where security expert Leon van Aswegen explains the basic tips you can do to protect yourself from cyber criminals:
Receive a single email every morning with all our latest news: Sign up here.
Also from Business Insider South Africa: