The cabinet's approval this week of the National Cyber Security Policy Framework will lead to a secure e-commerce environment, and higher rates of investment, by providing for a set of measures to tackle cyber crime.
Cyber crime has emerged as a significant contributor to economic crime losses in South Africa, and is now the fourth most common economic crime, according to business consultancy firm PwC.
About 47% of South African respondents to a PwC survey stated that their losses for the 12 months before the survey amounted to more than $100000, with 11% reporting that their losses ranged between $5-million and $100-million.
"Organisations also noted collateral damage such as impact on reputation/brand, share price, employee morale, business relations, loss of market share, and relations with regulators," said Louis Strydom, head of PwC's forensic services practice.
The framework, drawn up by the Department of Communications two years ago, aims to establish a national cyber security advisory council that will co-ordinate existing policies on security issues in the sector, and applicable interventions. It will also assess the state of cyber security nationwide, and advise the communications minister on the appropriate response to threats.
At a justice and security cluster media briefing last month, Justice Minister Jeff Radebe said this responsibility will be moved from the Department of Communications to the Department of State Security.
"The police have, in the interim, put operational measures in place to deal with incident management in this regard," said Radebe.
"Several cases have been prosecuted by the National Prosecuting Authority, while others are currently under investigation."
The framework also provides for the establishment of incident response teams, which will be deployed at three levels: government, nationally and in specific economic sectors.
These teams will identify and analyse cyber security threats, deal with them and report on them to the parties affected.
Boland Lithebe, information security and risk manager at Accenture SA, said approval of the framework is an important step in acknowledging the importance of information security.
"The challenge now is to shift from security policy directive to something that is measurable and enforceable," said Lithebe.
"The framework alone doesn't change anything.
"The government has committed to review other laws in terms of the framework, and to correct policy accordingly. If these modifications are done properly, with correct auditing, these may become enforceable."