Twice in the past year we have reported on major cyber security breaches in SA. In October, cyber criminals launched a phishing attack on nearly 4,000 BetterSure home insurance clients. In August the personal details of 24 million South Africans were leaked through a breach at credit company Experian. The cyber threat is real and our reaction to these onslaughts was minimal.
In both instances, the breaches were not reported timeously to the Information Regulator, creating a risk for the consumer. However, a game changer has arrived in the form of the new Cybercrimes Bill, recently signed into law by president Cyril Ramaphosa. It’s good news. It aims to bring SA’s cybersecurity laws in line with the rest of the world. While in the past companies could try to get away with keeping mum about a cybercrime breach, the Cybercrimes Bill compels electronic communications service providers and financial institutions to report cyber offences within 72 hours of becoming aware of them. Failing to do so may lead to a fine of not more than R50,000.
The new law is long overdue. Prof Basie von Solms, the University of Johannesburg’s cyber security centre director, has described SA as “third in the world when it comes to the number of cyber crime victims”, adding that we are “one of the worst cyber insecure countries in the world”.
It should help the most vulnerable in our society sleep better at night.
He was referring to a cyber attack in January — only detected in March — in which SA companies, including banks, fell prey to a global cyber attack on Microsoft’s e-mail exchange server system. Information Regulator chairperson adv Pansy Tlakula at the time warned that SA businesses were becoming increasingly susceptible to cyber attacks.
The Cybercrimes Bill shows that such warnings have finally been heeded.
In the Experian matter, Tlakula had to take the initiative to set up a meeting with Experian to establish why it took two weeks to report the breach. The regulator is responsible for ensuring companies, which are in possession of people’s personal information, are lawfully allowed to be in possession of the data, properly secure it and only pass it on to those who are authorised to receive it. The new law will greatly assist the regulator in its work.
There are many other aspects of the bill that also deserve applause. It will provide protection against cyberbullies and online sexual predators. It criminalises the disclosure of harmful data messages, such as those that incite violence or damage to property, threaten people with violence and contain intimate images. This includes electronic communication via WhatsApp, Facebook, Twitter and other social messaging services. It could help secure interim protection orders against those who feel threatened. An offender will face up to 15 years in prison.
The new bill will help protect all South Africans from many threats, ranging from faceless criminals hiding behind computer screens to those closest to our hearts and homes.
It should help the most vulnerable in our society sleep better at night.
May it be a forerunner for the finalisation of three new amendment bills, recently announced by Ramaphosa, aimed at filling the gaps in the fight against gender-based violence and femicide. These were passed by the national assembly on Thursday, and seem to be well on track to be signed into law by midyear.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.