Does South Africa rank third in the world for online crime, losing R2.2bn a year?

Comments 2

Claim

South Africa has the third highest number of cybercrime victims worldwide, losing about R2.2 billion a year in cyber attacks.

Source: Timeslive (June 2018)

unproven

Verdict

Explainer: No reliable data exists to support these claims.


News site Timeslive has painted a grim picture of online crime in South Africa.

“South Africa has the third highest number of cybercrime victims worldwide, losing about R2.2-billion a year in cyber attacks,” it said in a June 2018 article on digital security.

It attributed this to the South African Banking Risk Information Centre (Sabric), an organisation that fights organised crime in banking.

Is using the internet this risky in South Africa? And do online attacks cost the country billions a year?

Figures contained in a 2013 report

Sabric “has never made a public statement about South Africa having the third highest cybercrime victims in the world, or that cybercrime victims in South Africa are losing about R2.2 billion a year to cyber attacks,” spokesperson Louise Tordiffe told Africa Check.

She said the organisation did not have enough information on the number of victims, as many crimes were not reported.  

The Timeslive story was based on a press release by public relations firm I Heart PR. The firm provided four news articles as the source of its numbers.

All circled back to Sabric but one, by BizConnect, attributed the numbers to a report by digital security company Norton.

Report from online survey of 500 South Africans

Jennifer Duffourg, who oversees Norton’s annual reports on cybersecurity, shared a presentation of the firm’s 2013 report.

The report said 73% of South Africans were victims of cybercrime in 2013, the third highest rate in the world after Russia (85%) and China (77%). It estimated the cost of cybercrime in South Africa at US$300 million, or about R2.9 billion at 2013 exchange rates.

The data was collected from an online survey of 13,022 adults aged 18 to 64 in 24 countries, from 4 July 2013 to 1 August 2013. In South Africa, 500 people who owned at least one mobile device were polled, Duffourg said.

Identifying cybercrime experiences

The survey asked people to identify if they had experienced different types of online crime. The examples they were given included:

  • Computer viruses or malicious software appeared on my computer.
  • I responded to a forged, “spoofed” or fake email or website which captured my personal details such as passwords, credit card numbers, or bank account information thinking it was a legitimate request in order to access information or provide information to a legitimate organisation, such as my bank, etc.
  • I experienced identity theft.
  • I experienced online credit card fraud.
  • An app appeared on my smartphone that I didn’t download.
  • My smartphone was lost or stolen and someone found it and used it without my permission.

‘The field is moving too fast’

Duffourg noted that “this data would now be considered out of date as the survey was carried out five years ago”.

She said Norton’s most recent survey was from 2016. It showed “overall, 67% of South Africans have experienced some form of online crime – compared to 48% globally”. It raised the annual cost of online crime to R35.2 billion.

But South Africa was not ranked that year as it was surveyed six months after other countries, she said.

Reinhardt Botha, a professor in technology at Nelson Mandela University (NMU), told Africa Check it would be impossible to tell if the ranking were reliable without knowing the full methods the researchers used.

How the people in the survey were chosen would be significant, he said. “If approaches were made in places where victims of cybercrime, or even people interested in cybercrime, hang out, there may be a selection bias. If not done properly respondents can be primed to provide answers in a certain direction.”

“What I do know that even if it was 100% accurate in 2013, five years later it will not be accurate anymore – the field is just moving too fast.”

South Africa’s ranking ‘looks like an urban legend’

Arthur Goldstuck, managing director of technology research company World Wide Worx, referred Africa Check to a 2018 report by Symantec.

This ranked South Africa first for email phishing in 2017 and eighth for spam. But the country does not feature in the top 20 for overall cybercrime. (Note: While Symantec owns Norton, the 2018 report does not poll users directly and relies on data gathered remotely, Duffourg said.)  

“Some [reports] cite the Federal Bureau of Investigation, but don’t offer a credible source, and also differ on the ranking,” Goldstuck said. “Ultimately, our third-placed ranking looks like an urban legend, which has been quoted often enough for people to assume it to be fact.”

What of the billions of rands in losses?

Sabric spokesperson Tordiffe said the R2.2-billion a year figure “was a misquote that occurred some years ago, and keeps being re-used”.

“Regrettably, once information is on the internet, it is there permanently, and Sabric has no control over this.”

Botha, the director of NMU’s Centre for Research in Information and Cyber Security, said that while the amount does not seem “completely out of the way”, it “is notoriously difficult to estimate … as disclosure of losses is not always made”.

“What is a fact is that cybercrime is growing and that we indeed need greater precautions.”

Conclusion: No reliable data on South Africa’s global cybercrime ranking or cost

A news site claimed South Africa had the third highest number of cybercrime victims worldwide and lost about R2.2 billion a year in cyber attacks.

The global ranking was traced to a report by digital security firm Norton which surveyed 24 countries. The R2.2 billion figure comes from an incorrect quote made years ago and repeated online.

As the money lost is not always disclosed, it’s difficult to know how much cybercrime costs South Africa.

While we rate this claim as unproven, analysts say the cost of online crime in the country is likely much higher.

Edited by Lee Mwiti

 


Further reading:

 

© Copyright Africa Check 2017. You may reproduce this piece or content from it for the purpose of reporting and/or discussing news and current events. This is subject to: Crediting Africa Check in the byline, keeping all hyperlinks to the sources used and adding this sentence at the end of your publication: “This report was written by Africa Check, a non-partisan fact-checking organisation. View the original piece on their website", with a link back to this page.

Comment on this report

Comments 2
  1. By Colin Macguire

    Thank you. Iw as about to use some of the statistics I found online in a business case and had I not stumbled upon this article I may very well have ended up with egg on my face.

    vote
    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Africa Check encourages frank, open, inclusive discussion of the topics raised on the website. To ensure the discussion meets these aims we have established some simple House Rules for contributions. Any contributions that violate the rules may be removed by the moderator.

Contributions must:

  • Relate to the topic of the report or post
  • Be written mainly in English

Contributions may not:

  • Contain defamatory, obscene, abusive, threatening or harassing language or material;
  • Encourage or constitute conduct which is unlawful;
  • Contain material in respect of which another party holds the rights, where such rights have not be cleared by you;
  • Contain personal information about you or others that might put anyone at risk;
  • Contain unsuitable URLs;
  • Constitute junk mail or unauthorised advertising;
  • Be submitted repeatedly as comments on the same report or post;

By making any contribution you agree that, in addition to these House Rules, you shall be bound by Africa Check's Terms and Conditions of use which can be accessed on the website.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.