Brandon Faber (South Africa) - How to Lose R400 Million

Gidani (licensed operator of the South Africa National Lottery) recently came perilously close to losing its R400 million a year contract.

The reason for this near-miss was its failure to secure its business-critical data (a requirement of its contract with the National Lotteries Board) – with two independent audits questioning existing measures to protect confidential data.

The much-publicized data breach that led to fraudulent activity at Gidani, of course, played a crucial part in highlighting the failings of the technology and processes in place at the operator.

According to local news reports, “the board initially considered revoking Gidani’s license altogether . . . but it had since decided to fine the company instead.”

That a case of poor data security nearly put Gidani out of business is by no means an isolated incident. History is littered with companies that suffered severe loss of business and damage to market reputation through breaches of confidential information – just ask SONY.

Make. Believe?

The Ponemon Institute estimates that last year’s data breach at SONY will cost the company an absolute minimum of $5.6 billion – with the majority of cost attributed to “expense outlays for detection, escalation, notification, and after-the-fact (ex-post) response” as well as the “economic impact of lost or diminished customer trust and confidence as measured by customer turnover, or churn, rates”.

$5.6 billion, R400 million a year – whatever the monetary value that is associated with data security breaches, it pales in comparison to the direct impact a failure to protect data can have on company board members in their personal capacity.

With the imminent passing of the Protection of Personal Information (PPI) bill in South Africa, board members face the possibility of being held personally liable, with prison sentences, fines and the like on the cards should companies be found guilty of not taking appropriate steps to safeguard their business-critical and confidential information.

The direct cost and personal liability to businesses and individuals alike are sure to make believers out of the once skeptical, and often reluctant, acknowledgers of the importance of Governance, Risk and Compliance (GRC) in business operations today.

Ask the Gov

There is reluctance within organizations to take decisive action in terms of their GRC status, especially amongst IT professionals who already find their plates filled to capacity.

To assist companies in their quest for hassle-free compliance, Cibecs’ in-house GRC specialist, “The Gov”, is available to field any and all GRC-related questions. “The Gov” is also more than happy to share his in-depth knowledge of procedures relating to the security of mission-critical data.

“We encourage companies of all sizes to get in touch with The Gov to ensure their procedures are in line, their data sufficiently protected and their business continuity planning on par with industry best practices,” says Cibecs Marketing Manager, Brandon Faber.

By Brandon Faber, Marketing Manager for Cibecs

