Where are SA’s cyber laws?
Liberty Group is not the first victim of a cyber ransomware attack, and it will certainly not be the last. In the past, most companies did not report such issues out of fear of reputational damage.
However, since the inception of the General Data Protection Regulation (an EU tool) in May, companies such as Liberty are obliged to inform their clients of such a breach.
It is almost impossible to entirely prevent it (although the basics need to be in place) and the economic effect is real: Liberty lost in excess of 4% in share value when markets reopened. A major source of concern is that SA is third on the list of countries most exposed to cyber risks.
Many major companies spend a lot to protect their clients’ data, but many more, especially small businesses, municipalities and even state-owned entities and departments, either can’t afford the security, don’t know that they should acquire it, or simply don’t bother.
Why then is the government not investing in developing local software and technology to assist the private sector and prevent losses to the economy? Why do we have to rely on EU regulations? And why has the state not embarked on a nationwide campaign to teach South Africans the basics of protecting themselves and their employers against cyber attacks?
The prevention and consequences of breaches cost the private sector billions every year. These companies have a duty to do all they can to protect our data as well as the interests of their shareholders and, where breaches do occur, to act on it, like Liberty has done. Surely the least the government can do is to lend them a hand.
George Michalakis, MP Via e-mail