The onset of COVID-19 in 2020, followed closely by the July 2021 riots and the severe flooding in parts of KwaZulu-Natal, has had a devastating impact on South African businesses across a range of sectors. These events interrupted the operational flow of businesses, led to supply chain disruptions and caused large-scale damage to property, highlighting the vital role of effective risk mitigation strategies. The potential damage that malicious external threats pose to businesses is both significant and wide-reaching. However, it can be argued that the most costly losses are tied to human error, which can bring unexpected disruption and financial costs.
This is the opinion of Pilgrim Ngongo, Claims Specialist at SHA Risk Specialists, who explains: “In an unpredictable and volatile risk environment, managing day-to-day risks should remain a top priority for South African businesses. However, with emerging risks such as cybercrime, human error remains the greatest point of vulnerability. Inadequate preparation for threats that may originate internally can lead to large, unexpected claims that could deplete a business’ insurance cover and lead to major revenue and reputational losses in the long term.”
The cost of human error: a case in point
Illustrating her point, Ngongo references the recent case of Judith Hawarden (the plaintiff) vs. Edward Nathan Sonnenberg (the defendant). Hawarden was a prospective property buyer who enlisted the services of the defendant as the conveyancing firm.
The plaintiff, having failed to recognise that the email address was not legitimate, paid the purchase price of R5.5 million into a fraudulent bank account after her email correspondence with the firm was intercepted by a cybercriminal.
The court held that the defendant, as an experienced conveyancer, was well aware of the risks involved in the electronic processing of conveyancing transactions and had a fiduciary duty to guard against fraud. As a result, the defendant was ordered to pay the plaintiff the sum of R5.5 million. In this case, the liability arose from a human error by the plaintiff, but the law firm ultimately suffered the loss as a result of not having adequate cyber risk management processes in place.
Human error as a significant point of vulnerability
As cases such as these illustrate, human error poses a significant threat to businesses, especially considering that South Africa has been identified as one of the world’s most prominent cybercrime hotspots. Furthermore, according to SHA’s annual risk review report, employees are often the weakest link in the cyber security ecosystem.
As Ngongo says: “Implementing policies and procedures to bolster the cybersecurity of companies and reduce the chances of employees becoming targets for opportunistic criminals will become increasingly vital as digital transformation runs its course.”
Employee training and development are key to mitigating cyber risk
The past few years have seen a rise in incidents related to human error, signalling that South African businesses still have much ground to cover in securing their assets and operations. Given that a lack of training and development is one of the leading causes of human error, an investment in helping employees to understand the prevailing risks and how to guard against them will become increasingly important.
“Employees need to become adept at recognising phishing emails, fraudulent digital communication and scams,” says Ngongo. “This kind of training could involve teaching employees how to analyse email addresses, identify suspicious links or attachments and implement sound password protection and management practices.”
Some companies are going to great lengths to secure their businesses at the level of individual employees by training their staff to encrypt emails containing financial and other sensitive company information. Practical steps such as these will go a long way in making employees less vulnerable to attack, particularly in companies with remote or hybrid working systems.
As Ngongo concludes, “In future, artificial intelligence may very well provide solutions to flagging discrepancies and irregularities in the way employees conduct themselves online. However, cybercriminals seem to evolve and become more sophisticated in their methods as technology and digital advancements are made. It is therefore crucial for businesses to invest in the resources they need to keep abreast of industry developments and changes to the landscape of cyber risk.”