(Getty Images)
  • A new report by IBM shows that the average cost of a data breach in South Africa is R36.5 million.
  • More than 21,000 records have been breached in the year to 2018.
  • Worryingly, it takes an average of 150 days to identify a data breach.

Cyber criminals appear to be winning the war of cyber security as they put South African businesses to the sword.

According to the latest IBM study, titled Costs of Data Breaches Increase Expenses for Businesses, the average cost of a data breach in SA is R36.5m, up from R28.6m in 2016.

The study, conducted by the Ponemon Institute on behalf of IBM, found that the 21,090 breached records over the year to 2018 represented a 12.2% increase in value from the 2017 report.

READ: SA companies 'to blame' for being hacked

The study calculated the cost of breaches based on interviews with companies that analysed the impact of technical investigations, legal activities, lost business and reputational damage.

"While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified," said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS).

Serious risks

Liberty Holdings announced a major hack in June as cyber criminals attempted to blackmail the insurance firm with a data ransom demand.

READ: Here's how cyber criminals are targeting attorneys in scams to steal cash

Hackers also defaced the Presidency's website on Saturday, July 7, though no data leak was reported.

Companies face serious risks in terms of a data breach and employees are usually the first target for cyber crooks.

According to the Symantic Internet Security Threat Report, spear phishing (targeted fraudulent emails) are the most common methodology that crooks employ - used by 71% of organised groups in 2017.

"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake," said Whitmore.

At 45%, criminal attack makes up the highest portion of data breaches, followed by human error (30%) and technical glitches (25%).

Worryingly though, it takes an average of 150 days to identify a data breach, but with criminal attacks specifically, identification takes 163 days and containment around 45 days.

For South African companies, the detection costs jumped from R9.5m in 2016 to R12.3m in 2018.

Data Breaches by the numbers

Cost of breaches


Number of records

21 090

Time to identify

150 days


40 days

Criminal cause


Human error


System glitch


Detection and escalation costs


Cost per stolen record

R1 792

Watch this video where security expert Leon van Aswegen explains the basic tips you can do to protect yourself from cyber criminals:

Receive a single email every morning with all our latest news: Sign up here.

Also from Business Insider South Africa:

  • Watch: The 10 most dangerous airport runways in the world
  • On Friday SA unveils the R4.4 billion MeerKAT telescope. Here’s what it’s for.
  • This SA farm made a name in organic wines – now it is going vegan
  • We checked the shelves to see if ‘pink tax’ exists, and found women pay much more than men for the same thing