PFMA 2019-20 Report

101 on national and provincial audit outcomes Cybersecurity posture (strength) at 64 national departments, provincial departments and public entities where network security reviews were performed A significant increase in internet access combined with a growing reliance on e-governance, commercial services, social networks and the ‘internet of things’ (a system of interrelated, internet-connected objects that are able to collect and transfer data over a wireless network without human intervention) has increased the cyber-vulnerability of both citizens and governments. Although cyber-incidents moved down two places due to the covid-19 pandemic (according to the Allianz Global Corporate & Speciality risk barometer published in 2021), it is still ranked as the third-highest business risk facing businesses in South Africa and globally. Similarly, auditees are facing a growing number of cyber-challenges, including larger and more expensive data breaches, an increase in ransomware and business email compromise (spoofing) incidents, as well as the prospect of litigation after a major security breach. Three of the 64 auditees (5%) audited, experienced security breaches in 2019-20. CYBERSECURITY Strong Moderate Weak MAIN CONTRIBUTORY FACTORS TO WEAK IT SECURITY CONTROLS • Long-standing shortage of IT security skills and appropriate budget allocation. • Ageing/redundant IT infrastructure and lack of adequate investment in defence mechanisms. 41% (26) 53% (34) 6% (4) IT security controls