29 September 2023 • 3 min read

11 Cyber security statistics that will make you change your password immediately

Cyberattacks on South African companies are on the rise – and they’re becoming increasingly sophisticated. The spike in attacks started from 2019, as internet and smartphone usage in South Africa grew exponentially and cyber criminals took advantage of increased opportunities for things like digital extortion, business email compromise, ransomware, botnets and...

Ryan van de Coolwijk

Ryan van de Coolwijk

Cyberattacks on South African companies are on the rise – and they’re becoming increasingly sophisticated. The spike in attacks started from 2019, as internet and smartphone usage in South Africa grew exponentially and cyber criminals took advantage of increased opportunities for things like digital extortion, business email compromise, ransomware, botnets and online scams. 

With local cyber insurers reporting the highest level of incidents they have ever seen, local businesses are at risk of suffering a harmful data breach at any time. If you’re a South African business owner, here are 11 stats that show the importance of having robust cyber security – and insurance – within your organisation:

  1. 70% of South Africans have fallen victim to cyberattacks or other risky activity. Compared to a 50% global average, it’s clear that South Africa is a cybercrime hotspot. 
  2. South Africa ranks in sixth place among the countries most affected by cybercrime. This equates to 52 cybercrime victims to every million internet users, according to cybersecurity company Surfshark.
  3. 68% of South African companies have experienced an increase in email-based threats. A further 44% say they’ve experienced a significant increase, which is higher than the global average of 29%.
  4. 52% of South African companies were harmed by a ransomware attack during the past 12 months. Despite some cybercriminals shifting to email-based attacks, ransomware threats are far from dead – in fact, there’s been a recent resurgence  both locally and internationally.
  5. 90% of businesses in Africa are operating without the necessary cybersecurity protocols. Interpol’s African Cyberthreat Assessment Report says a gap in law enforcement cyber capabilities on the continent are a key enabler for criminal opportunities, networks and infrastructure. 
  6. South Africa loses $157m each year to cyberattacks. The SA Banking Risk Information Centre says that malware and ransomware attacks are becoming more exclusive to businesses, with about 4,500 victims in 2021. A total of 3,700 ransomware attack victims collectively lost $49.2m while 800,000 malware attack victims collectively lost $45.6m in the same year.
  7. 61% of South African businesses expect to be harmed in 2023 by a collaboration tool-based attack. There’s been a huge surge in the use of collaboration tools over the past three years as companies seek to improve efficiency in the post-Covid years with a partly or fully remote workforce. Unfortunately this wide adoption has also made them an easy target for hackers: 93% of companies agree that collaboration tools are essential to the well-ordered functioning of their organisation, but 70% say they pose significant new security risks. 
  8. Eight out of 10 respondents believe their company is at risk due to inadvertent data leaks by careless or negligent employees, with a quarter saying that the risk is extremely high.
  9. 52% of companies identified insufficient employee awareness of cyber threats as their organisation’s biggest security challenge in 2023. South African companies also expressed concern about employees making serious security mistakes in the following activities: misuse of personal email (81%), using cloud storage and other shadow IT (78%), poor password hygiene (77%) and using collaboration tools (69%). Encouragingly, 28% of organisations provide staff training in cybersecurity. 
  10. The average financial services employee has access to nearly 11 million files the day they walk in the door. For large organisations, the number is double: 20 million files open to all employees. Additionally, nearly two-thirds of companies have more than 1000 sensitive files open. Sensitive company information is therefore highly vulnerable to security attacks. 
  11. 60% of companies have more than 500 passwords that never expire and nearly 40% have more than 10 000 ghost users. One of the most common causes of insurance claims is a compromise of user credentials, whether due to phishing attacks or simple passwords that are cracked. The risk posed by passwords that never expire is that they never change and will likely become known over time. If companies don’t keep close tabs and controls on the accounts and passwords within their environments, there’s a much higher risk of them being used for malicious activities.

The cyber security landscape is always changing, forcing businesses to play continuous catch up while applying more and more resources to defend against threats. But while companies are constantly looking for additional security mechanisms, it’s an ongoing battle: as they tick some boxes, hackers simply move the goalposts. Overall, companies need to actively manage their security – through things like multifactor authentication – on an ongoing basis, while also preparing for the worst. A cyber insurance policy offers the ideal safety net in this regard, helping to protect businesses against the reputational and financial damage if they fall victim to cybercrime.