The Cybercrimes Act, which is yet to enter into force, provides key definitions of cybercrimes, cyber-dependent and cyber-enabled crimes; guidelines for gathering evidence; deals with issues of jurisdiction; and sets out obligations for electronic communications services providers and financial institutions, research and policy nonprofit organisation Institute of Security Studies senior research adviser Karen Allen points out.

President Cyril Ramaphosa has signed the Bill into law, but the Act will only come into force on a date still to be proclaimed in the Government Gazette.

The Act,  provides an arsenal of offences that can now be prosecuted in terms of the legislation, including theft of incorporeal, which has been defined in the Act in terms of common law.

It also enables criminals to be prosecuted, for example, for stealing the data in a database, risk and assurance advisory firm Vizstrat Solutions CEO, cybercrimes trainer, cybercrimes investigator and advocate Jaqueline Fick adds.

"The Act is also full of mentions of traditional crimes that are committed through means of or facilitated through the use of an electronic article, such as to commit fraud. Articles are also described in the Act and include most electronic devices that can be used to commit cybercrimes.

"This is valuable because it provides a way to deal with cases that include these elements. You will not get a case through court without a sound knowledge and tools to deal with digital evidence," she says.

Fick states that the level of experience in dealing with cybercrime detection, reporting, investigation and prosecution also needs to improve.

The Act directs that law enforcement be capacitated to be able to prevent, detect, investigate and prosecute cybercrime matters.

"[It] also provides a powerful boost for public-private partnerships to enable the implementation of the law, including allowing the use of a fit and proper person to help a police official investigate and conduct search and seizures.

"This partnership will help to address the immediate skills gap. Cybercrime is a problem now and training to the level of expertise required for certain functions and to collect digital evidence takes time and we have to deal with the immediate threat."

Such a partnership not only provides immediate benefits, but also contributes to skills transfer and development.

Further, Fick's experience shows that there are pockets of excellence within South Africa's law enforcement that has contributed to significant results in the successful prosecution of cybercrimes.

South Africa should look at what these pockets of excellence did right and how to duplicate and roll them out as far as possible, she suggests.

"We need to develop case law and test various elements of the Act. We need to work with the Act," she states.

Meanwhile, the Act directs that standard operating procedures be drafted to enable the police to do searches and collect digital evidence in such a way that the nature, reliability and integrity of the evidence needs to be present for a judge to admit it in a court of law.

"Technology plays an extremely important role in what we need to do to get up and running to enforce the Act. The focus is on the designated point of contact, which must include a big technology component.

"The designated point of contact is envisaged to be part of the police and should be the point to provide assistance for search and seizures, expedited requests for information and mutual legal assistance. It must serve as a hub in terms of the Act."

Section 54 of the Cybercrimes Act sets out the suggested systems to deal with reporting of cybercrime matters and incorporated into that sphere is the designated point of contact. The first reason is economies of scale, and a team cannot do cybercrime investigations without an intelligence component and there is no actionable intelligence without good data. Combining data, therefore, is important for its function, says Fick.

The second priority is to develop standard operating procedures and practical guidelines for how police should interpret search and seizure warrants under Chapter 4 of the Act, and the right and wrong ways to seize digital evidence and articles.

The third priority to develop capacity to enforce the Act should be how to effect international cooperation. The speed of cybercrimes and the fragility of digital evidence means it is extremely important to have cooperation and spontaneous communications practices in place, or enforcement will continuously lag cybercriminals, she says.

Additionally, the Act provides harsher penalties for aggravated offences, such as those that attack restricted systems, such as those in financial institutions or organs of State. If the crime endangers the lives of people, such as an attack on a healthcare system, the aggravated offences carry much heavier sentences.

Further, the Act also deals with malicious communications, including incendiary and threatening messaging and distribution of images. Section 16 and provisions under Sections 20 to 22 deal with sexual offences and provide explicit support and recourse for victims, especially child victims, by ensuring that, even if someone is not found guilty, the court procedures will be converted to a harassment suit through which the victim can interdict the perpetrator, and includes compensation for legal costs.

"There are new permutations of cyber-offences almost each second, and the law aims to define general types of offences that prosecutors can use to formulate a charge sheet. The Act provides broad categories of offences and presents prosecutors with reasonable opportunities to put cases through courts successfully," says Fick.