In June this year, South Africans got yet another taste of how destructive criminal cyber attacks can be. As the month drew to a close, the National Health Laboratory Service (NHLS) fell victim to a ransomware attack. The incident delayed the processing of millions of blood samples, affecting waiting times for patients, and by mid-July, the service’s IT systems still had not been restored.
It was the latest example of how cybercrime has become a growing problem for the public and private sectors alike. In fact, data released by cybersecurity firm Check Point shows that there has been a 37% increase in cyber-attacks across Africa over the past 12 months. The scope of cybercrime is also increasing and covers everything from online versions of traditional crimes such as fraud, theft, extortion, and child pornography as well as crimes which became possible as a result of computer usage such as hacking, phishing, and piracy, among others.
While organisations should always do everything in their power to prevent and mitigate these attacks, it is also important that they understand what legal protections are available to them. In South Africa, the most relevant piece of legislation is the Cybercrimes Act No. 19 of 2020. Officially signed into law on 1 December 2021, the Act is a comprehensive legislative response to the evolving landscape of cyber threats in South Africa. The Act’s effectiveness, however, relies on enforcement and that, in turn, relies on several factors, including implementation, international cooperation, and collaboration between the public and private sectors.
Understanding the Cybercrimes Act
Before taking a deep dive into what those factors are and how they can come together, it is worth understanding a little more about the Cybercrimes Act.
The primary objective of the Act is to create provisions and criminalise various forms of cyber-related crimes and establish mechanisms for the investigation, prosecution, and prevention of cybercrimes. It encompasses a wide range of illicit activities, including, among others, unlawful access, unlawful interception of data, unlawful interference with data and computer programs/systems as well as cyber fraud.
