The state of cybersecurity in South Africa

The state of cybersecurity in South Africa

Today 16:08

Share

The Council for Scientific and Industrial Research (CSIR) Information and Cybersecurity Centre, in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, has released four national cybersecurity surveys conducted at the end of the 2023/24 financial year.

These comprehensive surveys delve into critical areas such as cybersecurity preparedness and resilience in the public sector, cybersecurity skills gaps, cybersecurity incidents and the digital identity landscape in South Africa.

As South Africa continues its rapid digital transformation, it is imperative to understand the cybersecurity challenges and opportunities facing the nation. These surveys provide valuable insights into the current state of cybersecurity in the country and offer recommendations for improvement by government and industry.

Key findings from the surveys:

Prevalence of cyberattacks: A significant 47% of organisations reported experiencing 1-5 cybersecurity incidents in the past year, underscoring the persistent threat landscape.

Data breaches: A concerning 88% of participants admitted to suffering at least one security breach with 90% of those organisations targeted multiple times.

Malware and phishing: Malware and phishing attacks emerged as the most common cyber threats with organisations reporting a high incidence of these attacks.

Cybersecurity awareness: Only 32% of respondents indicated that over half of their employees have received cybersecurity awareness training in the past year, indicating a significant gap in organisations’ seriousness about building cybersecurity awareness and culture.

Skills gap: The cybersecurity skills gap was identified as a critical challenge with 63% of cybersecurity roles partially or fully unfilled.

Talent retention: Retaining cybersecurity talent is another pressing issue with 35% of professionals citing better offers, lack of training opportunities and other factors as reasons for leaving their current positions.

Cybersecurity monitoring: Only 41% of organisations are assessing and monitoring cyber threats daily, indicating the majority are not prepared to deal with cyber threats. According to Telecom Review Africa, South Africa experiences almost over 20 million cybersecurity threats or attacks per month.

Digital identity: Financial institutions (88.0%) are considered the most important driver of the South African digital identity market. Over two thirds mentioned encryption and privacy technologies (71%) and biometrics (68%) as drivers while half reported identity theft as a serious concern that can be addressed by digital identity.

Dr Jabu Mtsweni, head of the CSIR Information and Cybersecurity Centre, emphasised the significance of these surveys: "In today's interconnected world, cybersecurity is a paramount concern. These national surveys provide a comprehensive assessment of our cybersecurity posture and highlight areas where we need to strengthen our defences as a country and they provide local and contextual research in this domain."

Dr Kiru Pillay from the Cybersecurity Hub said, while the integration of ICTs into daily life has greatly benefitted society, increased digital connectivity also introduces significant risks as cybercriminals exploit vulnerabilities in cyberspace. Therefore, cybersecurity must be prioritised as a strategic imperative across all aspects of governance and service delivery. Studies like these are crucial in helping us understand our current standing as a country and determine where we should focus our initiatives.

Recommendations

Based on the survey findings, the CSIR recommends the following actions:

Invest in cybersecurity: Increase investment in cybersecurity infrastructure, education and research.

Develop a skilled workforce: Prioritise development of a skilled cybersecurity workforce through training and education programmes.

Strengthen incident response: Enhance incident response capabilities to effectively handle cyberattacks.

Improve digital identity: Implement robust digital identity solutions to protect users online.

Foster public-private partnerships: Encourage collaboration between the public and private sectors to address cybersecurity challenges.

The CSIR believes, by addressing these recommendations, South Africa can significantly improve its cybersecurity posture and protect its critical infrastructure and citizens from cyber threats.

Methodology

The national surveys were conducted using a combination of telephone interviews and online questionnaires to reach a diverse sample of participants across South Africa. Particular focus was placed on larger provinces such as Gauteng, KwaZulu-Natal and the Western Cape to ensure a broad representation. Over 300 responses were collected for each survey, resulting in a total of over 1 200 individuals and organisations participating. This robust sample size provided a solid foundation for the survey findings and analysis.

Access the cybersecurity awareness and preparedness report here.

Sign up to receive our newsletters and magazine free - click here.

AI and ethics: Are we sacrificing morality for progress?

If AI is to become part of the mainstream, ethics must never be an afterthought

Today 11:59

IT is a strategic business investment so it needs a strategic talent pipeline

Technology is infused into every facet of our lives – in almost every sector, the rate of digital transformation is increasing exponentially

02 Oct 2024

Find the balance for GenAI usage or risk security threats, warns Kaspersky

Companies should not block their employees from using generative artificial intelligence (GenAI) but develop a comprehensive policy

30 Sep 2024

Automating with voice bots? Identify the low-hanging fruit first

Voice automation is improving daily. Just try talking to ChatGPT 4-O to see how far it has already come

29 Sep 2024

What SA auditors should know about ISO certification when auditing their telecom clients

Standardisation specialists believe telecom companies are hiding behind meaningless certification for the sake of cutting corners in governance

29 Sep 2024

Small manufacturers in Africa face critical challenges

Small manufacturers across Africa are grappling with a series of critical challenges that hinder their growth and sustainability

29 Sep 2024

Developing a digitally inclusive South Africa through education and innovation

South Africa has consistently worked towards building a more equitable and inclusive society

29 Sep 2024

The power of knowing your client

KYC provides an essential defence against illegal activities and is safeguarding organisations and their clients

29 Sep 2024

The shift toward portable digital identity is underway

Gartner predicts at least 500 million smartphone users will be using a digital identity wallet by 2026

25 Sep 2024

Cleanroom recovery is a key investment not a grudge purchase

As cyber threats continue to evolve, it is imperative to not only bolster their defences but to also develop comprehensive response strategies

24 Sep 2024

Qualcomm makes a bid to take over Intel

The conversations with Intel are at an early stage. The San Diego-based company has not made a formal offer for Intel

23 Sep 2024

New solution eases building graphical user interfaces for MPLAB Harmony v3 and Linux environments

Microchip Graphics suite enables seamless portability between Microchip product families and environments, reducing development costs 

22 Sep 2024

MagazineClick to view

EngineerIT October 2024 Issue

View PDF

EngineerIT September 2024 Issue

View PDF

Podcasts / Panels

PODCAST: Don’t create problems to justify implementation of AI
23 Aug 2024
ARMCOIL WEBINAR OCTOBER 2023
01 Nov 2023
Efficiency and Reliability: Exploring Surface & Underground MV Substations with ArmCoil on 26 October 2023.
19 Oct 2023
The importance of Metrology in manufacturing PANEL DISCUSSION
26 Aug 2023
Is it the end of the road for on-premise data centres?
24 Jul 2023
More