The financial services industry is under attack by cyber criminals because it has information that is of great value to hackers.
This was the warning sent out by Tebogo Legodi, digital lead at Sanlam Employee Benefits, at the Sanlam Benchmark 2019 event hosted on the Spier Estate near Stellenbosch on Monday.
'Skilled and ruthless'
"Cyber hackers are professionals. They probably have their own ‘benchmark symposiums’ too.
"They are skilled and ruthless and some are probably even sponsored by states," she told delegates.
"Information security is no longer a nice-to-have. It is also required by the Protection of Personal Information Act and there could be fines of up to R10m or imprisonment of up to 10 years for missing some of the required components."
She further noted that the King IV Report for Corporate Governance addressed IT governance in detail for the first time.
"If you do not already have an information governance framework, you are already at a threat," said Legodi.
"According to the Allianz Risk Barometer for 2019, those surveyed named cyber security as the most feared threat as far as business interruption is concerned."
She said financial services entities are beginning to realise the value of the data they have and that they are under attack by a new generation of criminals. According to research by IBM, there are about 17 billion cyber-attack incidents daily, and the most attacked industry is financial services, because of the data they have.
The third most attacked sector seemed to be consultants, as they also have a lot of information in their systems, making them "vulnerable and lucrative" for cyber criminals.
Research by Refinitiv shows that the typical cost of a cyber-breach for a business is about $4m, and the total cost of cyber-attacks in the world each year is estimated to be about $600bn - more than the cost of natural disasters.
Legodi said cyber criminals can sell the data they hack back to a company or can exploit it further by selling it to a third party with the ultimate aim being identity theft. "Poor internal security practices can enable phishing, social engineering by studying your social profile and weak passwords to wreak havoc," cautioned Legodi.
Key enablers for cyber resilience are aware people, a culture of being cyber savvy, training to combat cyber risk, and a structure which enables cyber security.
"Data loss can occur anywhere. It is not just an administrator’s problem. We need a collective effort in the financial services industry for cyber security resilience," said Legodi.
"Cyber risk cannot be ignored. We must also be mindful that the degree of cyber resilience can vary among fund managers. We must make cyber security part of the culture in our industry."