Cybersecurity is not a concern of IT department, it’s a board issue

Sunday September 18 2016

Industries are at risk of cybercrime, including some that may have never considered themselves as targets. PHOTO/PHOTOS.COM

Industries are at risk of cybercrime, including some that may have never considered themselves as targets. PHOTO/PHOTOS.COM  

More by this Author

Today, all industries are at risk of cybercrime, including some that may have never considered themselves as targets. The impact of a cyber-attack can be quick and damaging, extending well beyond financial implications.

Increasingly, cybersecurity is and needs to be acknowledged as an executive-level concern. It is important to explore some of the underlying fundamentals upon which cybersecurity is hinged.

The ubiquity of technology is evident in all sectors as a tool for growth and differentiation. Organisations need to think more creatively to meet the demands of an increasingly technology-enabled, self-directed environment. The potential payoff for such investments is significant – improved market competitiveness, better customer relations, added responsiveness and reliability in service delivery.

However, digitisation raises the vulnerability of organisations’ proprietary to information security breaches as mobile platforms and other non-traditional information sources increase.

It is patent that security and privacy should be a concern of top level executives. As the leader of a company, one ought to be aware of the defence strategies that are in place, and ensure that holistic approaches are taken towards ensuring security and the protection of investments. This top-down approach is crucial for success.

The nature of cybercrime calls for an “all hands on deck” approach. It can no longer be left to Information Technology administrators, but requires the adoption of an integrated approach that includes legal, audit and risk, and other players in the organisation.

Beyond security strategies, organisations require advice on regulatory compliance, and practical business experience in managing information technology risk on all aspects of information policy, security, storage and management, and issues that touch on employment.

Additionally, overcoming the lack of awareness and understanding about cybersecurity is a key component to further improving reliance and confidence in technology. Statistics show that 90 per cent of cybercrimes require human interaction before they are successful, meaning there is need for proactive measures.


With the advent of technology in Africa barely 20 years ago, our legal and regulatory frameworks are in need of major reform. In cybersecurity, we have a gap in identifying offences and their liabilities, as well as investigative and handling procedures. We can be sure that regulatory changes and matters of compliance will be the norm as we seek to administer new standards and regulations.

With the prevalence of technology and cybercrime, it is becoming increasingly vital to adopt a holistic approach to curbing cybercrime by adopting information sharing mechanisms. This requires strong collaborative relationships.

Early adopters of strategic approaches to cybersecurity need to urgently adjust internal processes and upgrade technology infrastructure to benefit from the changes reshaping the business world.

In the USA, the Cybersecurity Information Sharing Act was passed in 2015 to encourage information sharing regarding cyber threat indicators and defence mechanisms between and among private entities and federal government.

It provides for liability protections, and safe harbour provisions. By virtue of this Act, a portal is also required that will allow for the sharing of this kind of information. Such measures ensure that attacks of the same nature can be traced back to the offender through collaborative measures.

It also provides an avenue for organisations and individual consumers to be proactive about cybersecurity, rather than reacting to incidents.

As most organisations seek competitive advantage with the use of technology and data management, they need to ensure that they also take steps to capitalise on the increasing variety, volume and velocity of data by safeguarding it.

This is the only way investments can be optimised, so as to fully leverage the new sources of data, and the analysis capabilities that come with it. Organisations need to adopt clear holistic strategic approaches to deal with such cyber threats which are becoming more sophisticated.

Writer is an advocate specialising in media, telecommunications, and technology law