(a) and (b) According to the South African Police Service (SAPS) Crime Administration System Investigation Case Docket Management System (CAS/ICDMS), no reference is made to a crime type referred to as "cybercrime". However, provision is made for common law and statutory offences, relating to the description of cybercrime.
The Directorate for Priority Crime Investigation (DPCI) classifies cybercrime as any unlawful act that is facilitated by, or involves the use of electronic communications and/or information systems as an instrumentality, thereby including cyber “enabled" and "depended" crime. The DPCI addresses National Priority Offences, in particular cybercrime, through the e-commerce (banking) and broader organized crime platforms.
The National Cybersecurity Policy Framework (NCPF), which was approved by Cabinet, in December 2013, defines cybercrime broadly as “...illegal acts, the commission of which involves the use of information and communication technologies".
In terms of the current South African Legislative landscape, in particular the Electronic Communications and Transactions (ECT) Act, 2002 (Act No 25 of 2002), cybercrime is not clearly defined, instead referring to unlawful and intentional access and intrusion.
The proposed legislative framework, relating to the Cybercrimes Bill, adopted in the National Assembly, will ensure the categorization of cybercrime types and specified offences, which would be defined on the CAS/ICDMS as “specified cybercrime categories and specified offences".
In the 2017/2018 financial year, the DPCI received a total of 85 cybercrime investigations, of which 39 can be classified under e-commerce and 46 under organized crime. During the same period, the DPCI provided digital forensic support in 1 277 investigations, by examining a total of 4 234 electronic exhibits, allegedly involved in the commission of serious crime. The number of cybercrime cases reported to both Crime Intelligence Cyber Collection and Cyber Forensics, for 2017/2018, is 1 279.
The total cost, in each case, cannot be provided at this point, as the individual case dockets will have to be scrutinized to determine, what is in many instances, an estimated financial implication. It should be noted, however, that although victims often incur significant actual or potential financial prejudice, as a result of cybercrime, reputational damaged has, in many instances, proven to be even more significant.
Reply to question 77 recommended