SA’s digital economy is booming. It will be a trillion-rand engine of growth by 2030, powered by the relentless advance of AI, the internet of things and fintech.
But this vibrant digital frontier carries a dark underbelly: a surging tide of cyber threats that cost our businesses a staggering R22bn in 2023 from ransomware alone, not to mention a colossal data breach exposing 7-million consumers.
For SA enterprises cybersecurity isn’t just an IT issue; it’s a fundamental strategic imperative — the very bedrock of trust, innovation and our nation’s economic resilience. It’s time to move beyond reactive firefighting and embed cyber defence into our business DNA.
The uncomfortable truth is that our high internet penetration (74%) and reliance on digital financial transactions (90%) make us a magnet for cybercriminals. Add to this the volatile mix of sociopolitically motivated hacktivism and the inherent risks in our extensive global supply chains — connecting us to 180 countries – and the threat landscape becomes alarmingly clear.
The clock is ticking: the Joint Standard on Cybersecurity & Cyber Resilience, which came into effect on June 1, isn’t just another regulation; it’s a wake-up call. Financial institutions face hefty fines (up to R10m) for failing to integrate cyber risk into their core strategies. But this is about more than compliance. Robust cybersecurity is the launch pad for leading digital transformation, competing on the global stage.
Globally, the cyber arms race is escalating. AI-driven attacks, chameleon-like in their ability to evade defences, are set to cause 30% of breaches by 2027. The widespread adoption of hybrid cloud models (60% of enterprises) opens new, often misunderstood, vulnerabilities. And on the horizon quantum computing looms, threatening to shatter encryption standards by 2030, if not sooner. Meanwhile, ransomware as a service has democratised sophisticated attacks, fuelling a 20% spike in global incidents since last year. Compounding these risks locally is a critical skills gap: a mere 15% of SA firms employ dedicated cybersecurity staff.
The battle plan should be the following:
- Adopt a truly proactive, not reactive, stance. Outdated cybersecurity is a liability. Businesses must actively harness threat intelligence and conduct relentless vulnerability assessments. With a shocking 80% of local firms underestimating their cyber risk, rigorous audits aligned with the Joint Standard’s 60 requirements are no longer optional.
- Invest in our people. Human error remains the gateway for 70% of breaches; phishing alone accounted for 40% of SA incidents in 2023. Training isn’t a tick-box exercise. It must be continuous, engaging and address the realities of social engineering and widespread remote work.
- Aggressively harness advanced technologies. AI isn’t just for the attackers; it can revolutionise threat detection. Zero-trust frameworks are vital for mitigating insider threats. Our burgeoning fintech sector, which attracted R15bn in 2023, can lead the way with blockchain-based security solutions.
- Build ironclad incident response plans. A 2023 breach affecting 20-million customers was a stark reminder of how quickly a crisis can escalate. The Joint Standard’s mandate for 72-hour regulator notifications is just the starting point. Transparent, swift communication during a breach is paramount for maintaining customer trust and rigorous, regular drills are essential to ensure these plans work under pressure.
- Foster radical collaboration. Cybersecurity is not a solo sport. A 2023 collaborative effort in the banking sector cut fraud by 15% — a testament to collective strength. Cross-sector forums, aligned with pan-African data protection standards such as those under the African Continental Free Trade Area are critical, especially for the 70% of our firms exporting services. Globally, 80% of large firms leverage threat-sharing platforms; this must become our local norm to protect critical infrastructure.
Inaction is a luxury SA cannot afford. The Joint Standard is a catalyst, but the real prize is a resilient, innovative, and inclusive digital future. It’s time for SA businesses to step up, invest strategically and lead the charge in securing our digital destiny.
• Wilson is EY SA cybersecurity leader.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.