With data breaches costing companies millions every year (reaching an all-time high in 2021[1]) and regulatory non-compliance threatening executives with fines or jail time[2], it is no wonder that cyber incidents are ranked the number one risk to business in 2022[3].
To understand how to predict cyber threats, respond to them and minimise their business impact, companies are moving their focus from ad hoc cyber threat response to calculated cyber risk management.
A mission-critical topic such as data governance is a good case in point. Overseeing how data is protected and processed is crucial for South African organisations, especially financial services organisations that process highly confidential personal information.
When the enforcement date of South Africa’s data protection legislation, known as the Protection of Personal Information Act (POPIA), became known, a globally renowned financial services provider contacted AVeS Cyber Security to assist them with their POPIA compliance efforts.
AVeS Cyber Security’s background in IT governance and IT architecture, as well as its Gold Partner competencies in Microsoft Security and Cloud Platform, uniquely positioned the team to work alongside the client’s Risk and IT teams to fulfil their POPIA obligations.
Since the client’s board-level risk committee oversaw the project, the business goals were clear: minimise its cyber and regulatory risks by governing its confidential business data and continuing to enable its remote-working staff.
On a technical level, this meant identifying where the organisation’s data should reside and what technical controls they should put in place to protect the data’s confidentiality, integrity and availability.