Cybercrime and hacking have become big problems for small business owners, experts say, as SA marked International Data Privacy Day on Wednesday.

by Samuel Mungadze | BDLive

The purpose of Data Privacy Day, an international holiday that occurs every January 28, is to raise awareness and promote privacy and data protection best practices.

International consulting firm PwC estimates cybercrime costs the global economy $445bn a year, and says cyber espionage and stealing personal information affected more than 800-million people worldwide in 2013.

Local experts warn that few small businesses have implemented the right technologies to prevent cyber attacks in SA, which has put them at risk.

They say the cost is too high for local companies to ignore. For small businesses, the worst breaches cost between R1.1m and R2m on average; and for large companies, the damage is estimated at between R10.5m and R21.5m.

Henk Olivier of Johannesburg-based firm Ozone IT says although there is awareness of cybercrime in the country, few small businesses had the technologies needed to prevent an attack.

"Many entrepreneurs do not truly understand the capabilities of cybercriminals, what they target and its value. Think of all the information you hold on employees, vendors and clients across platforms. Could you afford to have your system breached?"

Basie von Solms, director at the University of Johannesburg’s Centre for Cyber Security, says last year was not a good one for the corporate world, especially for large corporations, as far as cyber security is concerned.

He warns that more serious breaches are expected this year, and that clients and customers are becoming more aggressive in taking action against companies that compromise their information.

"It is prudent to reiterate the absolute accountability of the board of a company as far as cyber security governance is concerned," he says.

He cautions that with most companies totally integrating their business processes and company strategies on computer systems using the internet, the risks of cyber crime and cyber attacks grows daily.

"You cannot have a significant internet presence and expect not to become a target for cyber criminals. The risk related to using internet-based computer systems in a company is one of the most serious risks to be overseen by boards."

Mr von Solms says SA has joined the rest of the world when it comes to cyber attacks. He gave an example of US retail group The Target, which lost the credit card information of 40-million clients and the personal information of 110-million clients through hacking.

"Target now faces a class action lawsuit claiming that it was negligent in its failure to implement and maintain reasonable security procedures and practices. The CEO was ousted and the chief information security officer resigned," he says.