
KATE THOMPSON DAVY: Cybercrime in SA is booming, even if we overlook underreporting

The country ranks sixth in the world per capita, CSIR researchers say

Picture: 123RF

For a little developing country, SA often plays out of its boots. See many years of international rugby dominance. See also our international standing in less-fun rankings such as cybercrime indices.

According to researchers at the Council for Scientific & Industrial Research (CSIR), SA ranks sixth in the world for cybercrime density, or cybercrime per capita. We have the highest incidence of business email compromise in Africa, and — this last one will spark nightmares — more than half of SA businesses had a ransomware incident in the last year. In fact, we were the world’s eighth most-targeted country for ransomware.

These titbits of terror come from a webinar hosted by the CSIR last week called “Cybercrime and SA: An Introspective Look”. CSIR’s cybersecurity systems research leader, Billy Petzer, told webinar participants that cybercrime was costing SA’s economy R2.2bn annually. SIM swap fraud and digital banking losses are on the up, and the most devastating and personal cybercrimes — such as sextortion and cyberbullying — often go unreported, meaning the worrying estimates are probably significant underestimations.

The webinar is on CSIRNewMedia’s YouTube channel. There’s an aeons-long holding screen though, so skip to the 54-minute mark to get into the meat of it.

The CSIR’s approach was to ask what specific local circumstances contribute to this, singling out elements such as inequality, our real-life crime rate, the technological prowess of the economy, and high smartphone penetration. A lack of cybersecurity “street smarts” will make for more potential victims, too.

Resolve itself

Our “slow development and adoption of [appropriate] regulation” also comes into play. It must be added — in fairness to appropriating their research — that the CSIR is working with the police and various industry bodies to combat this and provide guidance on a mitigating strategy.

But the range of cybersecurity studies crossing my desk in the past month suggests this is not a problem that will resolve itself or become more manageable, especially as bad actors employ generative and other artificial intelligence tools, probably faster than the good guys can get a PowerPoint presentation on the matter in front of their higher-ups.

Cybercrime Magazine — a respected international resource on the topic — has predicted that the cost of global cybercrime damage will grow 15% annually for the next three years. The impact of cybercrime by 2025 will be a $10.5-trillion annual price tag: “If it were measured as a country, cybercrime would be the world’s third-largest economy after the US and China,” reports the publication. Here’s another comparison, of my own: as a percentage of the estimated global GDP (2022), it’s 10%.

Some other factors bear considering. There are the ongoing job losses in tech, a number that is now nudging up towards 170,000. That’s almost 170,000 tech industry people laid off globally in three-and-a-bit months of 2023 alone.

Of course, companies tend to lose less-scarce skills first, and cybersecurity doesn’t fit that categorisation. However, what this does add to the picture is a lot of smart, technically inclined people with insight into the inner workings of major companies (and their user bases) … people with time on their hands and potentially smouldering resentment. The same kind of resentment that rampant inequality begets. If I were nefarious-inclined, I’d start there.

Brain drain

Thinking clinically, the next element is the total addressable market, to borrow a phrase from business. Or in this case, the total scamable one. Almost two-thirds of the world’s population is online, and people are making their way up the online experience curve faster each year, meaning more people to target, and more opportunities to do so.

And finally — bringing this back home — I find myself wondering what effect the BrainDrain2.0 is having on SA’s fighting chances against this scourge. There are no all-inclusive numbers on emigration from SA, but judging by a mix of SA Revenue Service data and other sources, tens of thousands of working-age South Africans are off elsewhere in search of employment and predictable electricity supply, and it is easiest for our most educated and skilled to get their hands on work visas.

Cybersecurity firm Fortinet recently published research that shows 40% of local companies are struggling to find and keep the required cybersecurity talent. As many as 64% called it an “additional cyber risk” for their company. After a recent media meet-and-greet I asked Cisco’s sub-Sahara chief technology officer and head of engineering, Conrad Steyn, what he makes of this. Steyn says the exit of critical ICT skills from SA has affected all ICT spheres already, driving up demand for these skills and making them even more difficult to retain.

“Organisations are struggling to recruit cybersecurity specialists or to develop the required skills, as the risk remains that they will leave once certified,” he warned. As a result, many local organisations are “unable to cope with their internal cybersecurity management” and are “forced to outsource and adopt managed cybersecurity offerings”.

So add that into the operating expenses budget, alongside the extra insurance costs. SA has a crime problem, of the cyber variety. Of course, I don’t mean to downplay the horrific physical violence and rampant analogue theft that grabs headlines with every annual crime stats announcement, but for all the vigilance and precautionary measures we see corporate and middle-class SA applying to their corporeal assets, digital security is often overlooked.

Though smishing or data breaches are not as immediately threatening as a home invasion, they can be truly devastating. These crimes can tank businesses, clear out bank balances, expose corporate secrets, and on the social and personal side, can contribute to shaming, depression, and more.

• Thompson Davy, a freelance journalist, is an impactAFRICA fellow and WanaData member.
