Major cyberattack risks for businesses in South Africa

 ·1 May 2024

South African businesses are less prepared for a cyberattack than a year ago.

According to the 2024 Cybersecurity Readiness Index by Cisco, only 5% of South African companies have ranked at the ‘Mature’ level of readiness, which is required to be resilient against modern cybersecurity risks – sown by 19% year-on-year.

The Index looks at a company’s readiness across five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification.

The study uses a survey with responses from 8,000 private sector security and business leaders across 30 global markets, with companies classified into four categories – Beginner, Formative, Progressive, and Mature.

“Today’s cybersecurity threats demand companies be prepared for potential breaches. The Index assesses preparedness, empowering them to adapt their cybersecurity infrastructure,” said Kabelo Letsoalo, Cybersecurity Specialist at Cisco.

“Organisations need to prioritise investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in favour of defenders.”

The second edition of the index was developed amid a rapidly changing threat landscape, with techniques ranging from phishing and ransomware to supply chain and social engineering attacks.

73% of companies in South Africa said that they expect a cybersecurity incident could disrupt their business in the next 12 to 24 months.

This is compounded in distributed working environments where data can be spread across limitless services, devices, applications, and users.

On top of this, only 31% of companies feel very confident that they will be able to defend against a cyberattack with their current infrastructure.

“We can’t underestimate the threat posed by overconfidence,” said Letsoalo.

Preventative steps

Cisco thus provided five steps businesses can use to protect themselves from cybersecurity threats in the South African context:

  •  Identify and assess vulnerabilities: By conducting a comprehensive audit of their current cybersecurity infrastructure, businesses can assess and close vulnerability gaps within their existing infrastructure and networks.

  • Investing in acceptable cybersecurity infrastructure: Companies could accelerate investment in protective cybersecurity measures across the board, such as adopting a platform approach to ensure all products in the security stack can be leveraged to their maximum ability.

  • Stay in the know: By keeping up with new trends in generative AI technology, cybersecurity leaders can leverage emerging technology and improve security programs.

  • Upskill teams for greater resilience: Companies should ramp up the recruitment and upskilling of inhouse talent to close cybersecurity talent gaps, while still leveraging AI, automate tasks and external cybersecurity.

  • Continuously re-evaluate readiness: Frequent re-evaluation allows businesses to stay one step ahead of threats and improve their cybersecurity infrastructure as threats become more advanced.

“As cyber threats continue to evolve, cybersecurity practices need to evolve with them. The biggest risk to South African companies is not so much the threat itself, but rather remaining complacent in the face of rapidly advancing cybersecurity developments,” said Letsoalo.

Read: South Africans have the worst screen time in the world

Show comments
Subscribe to our daily newsletter