South Africa's banking and insurance sectors are overwhelmed by cyber attacks

Of all South African banks, the survey shows that only 18 have put up email defense mechanisms that ward off 100% of phishing attempts.

It’s good news for South Africa’s economy that the banking and insurance sectors are growing, but bad news that the risk of cybercrime is on the rise, including on financial services apps.

Survey findings released on Sept. 8 by Armenian-founded cyber defense firm EasyDMARC indicate that close to 50% of South Africa’s insurance companies are unprepared to deal with rising cases of email phishing while banks are struggling to ward off spoofing attacks. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a technical cybersecurity standard for protecting senders and recipients of emails from attacks.

A rebound in economic activity saw South African banks record net profit increases of between 95% and 224% in 2021, making the sector even more attractive to hackers. Total banking assets in the country grew by 16.36% to hit $388.2 billion at the end of March 2020.

South Africa is unprepared for cyberattacks in financial services sectors

“Out of 35 South African insurance companies, only 18 have a DMARC policy deployed for email authentication. This means only 51.42% of insurance companies are prepared against phishing, spoofing, and spamming attacks attempted in their name,” the report says.

Of all South African banks, the survey shows that only 18 of the 38 banks using the firm’s services have put up email defense mechanisms that ward off 100% of phishing attempts. An EasyDMARC representative told Quartz that higher cybersecurity budgets alone cannot win the war against cybercrime, as attacks have become more sophisticated.

“While the email security budget is growing, the effort on the part of bad actors increases as well. Staying on top of cybersecurity threats demands smart strategy and thinking ahead,” the research team says.

Insurer Liberty Holdings’s shares fell by 5% after a cyber breach incident. According to GIB Group, which offers personal cyber insurance in South Africa, banking app losses increased by more than 88% in 2020 to an average loss of $820 per transaction.

According to a 2021 Interpol report, South Africa tops Africa in cyber threats and is third in the world, with 230 million threats detected last year. Of these, 219 million threats were related to emails.

“The country has seen a 100% increase in mobile banking application fraud and is estimated to suffer 577 malware attacks an hour,” Interpol states. Accenture estimates that South Africa is losing $127 million a year to cybercrime and that it also has the highest number of targeted ransomware attempts in Africa.

A thriving banking sector is attracting bad actors

Last March, the South African branch of TransUnion credit organization lost 4 terabytes of customer data, putting millions of clients at risk of identity theft. It also received a ransomware demand of $15 million.

South Africa will also need cyber mechanisms to protect its retail industry, which is also a major target of ransomware groups worldwide. A Sept. 8 report by British cybersecurity firm Sophos shows that in 2021, the average ransom payment rose by 53% to $226,044 from $147,811 in 2020.

“Only 28% of retail organizations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts,” Chester Wisniewski, principal research scientist at Sophos, tells Quartz.

A cyber monitoring center is under development in Togo to protect the continent’s cyberspace, but South Africa will have to double its individual efforts to attain internet security. The country needs a robust cyber defense governance policy, more public awareness of cyber threats, and training of cybersecurity professionals.