What is the Cybercrimes Act?
On the 26th of May 2021, South African president Cyril Ramaphosa signed the Cybercrimes Act 19 of 2020 into law. The Act became legally enforceable on the 1st of December 2021.
The Act is designed to curb the growing threat of cybercrime – defined as any criminal activity carried out by means of computers or the internet – by empowering law enforcement to better detect, arrest and prosecute cybercriminals. The Institute for Security Studies praised South Africa’s Cybercrimes Act, stating that it “signals the country’s commitment to global cyber security.”
Cybercrime Definition and Types of Cybercrime
Broadly, cybercrime refers to criminal activity that uses a computer, a computer network or a networked device to commit (or a criminal activity that targets them to in order to commit crime).
The more precise definition of cybercrime within a particular country is determined by national legislation, and therefore varies from country to country. South Africa’s Cybercrimes Act adopts a fairly broad definition which includes but is not limited to:
The unlawful access/interception of data (commonly known as hacking); the possession of illegal tools used in the commission of cybercrimes; illegal interference with software/hardware systems; cyber fraud; cyber forgery; and malicious communications (a broad term that includes the distribution of data messages with the intention to cause property damage, incite violence, or threaten a person or group of persons).
The Cybercrime Act’s definition of a ‘person’ as both natural and juristic means that the legislation can be applied to both ordinary citizens and organisations.
Cybercrimes Act Punishments – Fines and Prison Sentences
Legal punishments for breaching the Cybercrimes Act are severe. Although the Act does not specify the exact amounts individuals or businesses can be fined, prison sentences range from one to fifteen years depending on the cybercrime.
3 Types of Cybercrime – And How the Cybercrimes Act Addresses Them
The Cybercrimes Act intends to “create offences which have a bearing on cybercrime”. The Act outlines several specific criminal offences that all fall under the broad concept of cybercrime. These include…
1. Malicious Communications: The Cybercrimes Act criminalizes malicious communications by making it illegal to send “harmful messages”. According to the Cybercrimes Act, harmful messages are those that…
- Incite violence or damage to property
- Threaten persons with violence or damage to property
- Contain an intimate message and/or photograph sent without the subject’s consent
The criminalization of malicious communications empowers South African law enforcement to clamp down on various forms of blackmail, such as those that threaten to make intimate photographs of a person public without their consent.
2. Data Security and Data Protection: The Cybercrimes Act criminalizes the unlawful access, interception and interference of data. Essentially, this criminalizes any attempts to illegally access, view, or copy data off data storage mediums and computer programs and systems.
South Africa’s efforts to protect data has been defined by two pieces of legislation: the Protection of Personal Information Act (POPIA), which makes businesses adopt proper data handling and storage protocols, and the Cybercrimes Act, which criminalizes any attempts by individuals and organizations to access this securely stored data. Ultimately, the combined effects of POPIA and the Cybercrimes Act means that South Africans’ data is better legally protected than ever before.
3. Cyber Fraud: Finally, the Cybercrimes Act criminalizes cyber fraud, which it defines as “any fraud committed by means of data or a computer program, or through the interference with data or computer systems.” Furthermore, the Act criminalizes the intention to defraud under the Cyber Forgery and Cyber Uttering clauses. The creation of these three new criminal offences is a vital step in the fight against South Africa’s shockingly high levels of fraud and economic crime.
SA is a “Testing Ground” – Rising Fraud and Economic Crime
Cybercrime statistics worldwide have reached shocking new heights. According to a 2020 report by McAfee, cybercrime costs the global economy $945 billion every year – a 215% increase compared to 2013. If the additional costs of fighting cybercrime are considered, then cybercrime costs the global economy over $1 trillion a year.
Although this is a global threat, South Africa faces its own issues. According to a 2020 report by Accenture, South Africa has the third-highest number of cybercrime victims in the world, due partly to South Africans being generally inexperienced internet users who fail to adequately protect themselves online and remain dangerously ignorant of cyber-related crime and threats. South Africa’s reputation as an easy target for cybercrime has gotten so bad that the country has become a testing ground for malware before it is deployed in other nations.
Why Regulatory Compliance, Risk Management and Due Diligence are so Important
In this environment, it is essential to adopt sufficient risk management strategies to address the threats posed by cybercrime (and economic crime more generally). Compliance with laws and regulations not only protects the business from the threats of economic crime, but also gives the consumer greater peace of mind as they are able to transact in a safer environment less prone to financial crime.
As South Africa’s leading provider of world-class due diligence and remote-onboarding solutions, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services and see how we can help you combat the threat of economic crime, contact our team here.
