SA businesses ‘dangerously unprepared for cyber attacks’

Johannesburg, 30 Apr 2024

Kabelo Letsoalo, cyber security specialist at Cisco.

South African companies are dangerously unprepared for cyber attacks according to Cisco’s 2024 Cybersecurity Readiness Index.

The research reveals that just 5% of companies have ranked at the ‘mature’ level of readiness which is needed to be resilient against modern cyber security risks.

The Index assesses a company’s readiness across five pillars: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification.

Key steps business should take

Identify and address vulnerabilities: Conduct a thorough audit of current cyber security infrastructure to close gaps.
Invest in robust cyber security: Increase investment in protective measures, adopting a platform approach for maximum effectiveness.
Stay updated: Keep abreast of the latest GenAI technology to enhance security and operational resilience.
Enhance team skills: Boost recruitment and upskilling efforts to fill cyber security talent gaps.
Continuously reassess readiness: Regularly evaluate preparedness and establish a baseline level of readiness.

These areas are comprised of 31 corresponding solutions and capabilities. It is based on a double-blind survey of over 8 000 private sector security and business leaders across 30 global markets conducted by an independent third party.

The respondents were asked to indicate which of these solutions and capabilities they had deployed and the deployment stage. Companies were then classified into four stages of increasing readiness: beginner, formative, progressive, and mature.

Overall, the study considers key measurements such as anticipation of cyber security in, effectiveness of multipoint solutions, device management issues, skills shortages, and others.

According to Cisco, all these elements have a key impact on how responsive companies can be in the face of cyber attacks.

Kabelo Letsoalo, cyber security specialist at Cisco, said, “Today’s cyber security threats demand companies be prepared for potential breaches. The Index assesses preparedness, empowering them to adapt their cyber security infrastructure. Organisations need to prioritise investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in favour of defenders.”

Cisco said the second edition of the annual Index was developed to measure companies’ level of preparedness against cyber attacks in an era of hyperconnectivity and a rapidly evolving threat landscape, as a variety of techniques ranging from phishing and ransomware to supply chain and social engineering attacks continue to threaten businesses.

From a South African point of view, nearly 73% of companies indicated that they anticipate a cyber security incident could disrupt their business in the next 12 to 24 months.

Cisco said the challenges are compounded in distributed working environments where data is spread across limitless services, devices, applications, and users. Adding to this, only 31% companies feel very confident in their ability to defend against a cyber attack with their current infrastructure.

“We can’t underestimate the threat posed by overconfidence,” said Letsoalo. “To counter the challenges in today's threat landscape, companies should assess their level of readiness and increase investment in security by adopting innovative solutions accordingly. As cyber threats continue to evolve, cybersecurity practices need to evolve with them. The biggest risk to South African companies is not so much the threat itself, but rather remaining complacent in the face of rapidly advancing cybersecurity developments.”