From the urgent need for businesses to move beyond the outdated view that cyber security is merely ‘an IT problem’ to the far-reaching impacts of AI, Africa’s cyber security landscape is rapidly evolving.
Speaking to ITWeb TV during ITWeb Security Summit 2025 in Johannesburg, Samantha Hanreck, associate consultant for AI business strategy at the Cyber Security Institute, said traditional corporate mindsets and approaches to cyber security are no longer effective.
She said, traditionally, cyber security was always seen as an IT problem – not a business-wide concern. "But every department now uses some form of a SaaS system, or computer database or email. So, it is an ‘every department problem’ and unfortunately the traditional way of doing things is not keeping up with the automation and the AI components that are out there right now.”
AI’s ongoing impact on cyber security remains a topic of discussion and deliberation, with focus now on how various markets globally are approaching regulation and control.
Rejoice van der Walt, CEO & co-founder, AI Nexus Research, Training and Consultancy, said the US’ approach to AI regulation and policies is driven by the markets and innovation. “This is because most of the AI or AI systems that are produced, the public is the main consumer. However, when it comes to sensitive areas like cyber security and defence, they have very stringent regulations.”
China, on the other hand, has a different approach and is state-centric when it comes to AI systems. “It is the state that is controlling everything… they want to make sure that their socialistic values are respected.”
Of course, AI is not just being used in cyber attack and defence but also in the supporting ecosystem. Zamani Ngidi, business unit manager, M&A & cyber solutions, Aon South Africa, outlined how it’s being used in cyber insurance.
“We are seeing a lot more use cases within our organisation, chatbots that provide contextualised advice around policies, what kind of coverage is appropriate. All that information is effectively still being vetted by a real person who’s actually qualified to provide that advice. Over the long term, what they are trying to do is train these models to be a lot more concise and specific. AI is changing the landscape of how a lot of fintechs – even the traditional brokers – incorporate it to get better operational efficiency. Going forward, use cases are going to change. This is kind of the early, low-lying fruit we can see.”
Africa’s unique position
Gilbert Nyandeje, founder and CEO of the Africa Cyber Defense Forum, a platform for public-and private sector collaboration around the continent’s growing cyber security ecosystem, said while ransomware remains a constant threat to Africa, the continent’s mobile money booming ecosystem have also become an attractive target.
This brings into question the level at which Africa has progressed in terms of its cyber readiness.
“There’s a lot of work being done by a number of African countries, for example the legal frameworks for data protection. But again, there is still a lot ofgaps in terms of readiness in some organisations. For example, some organisations on the continent are still using Gmail without two-factor authentication. You find small and medium-sized businesses that don’t even have proper cyber hygiene. This just makes the threat landscape wider.”
Nyandeje believes that the impact of AI has only escalated the need for cyber security awareness and training, with phishing and social engineering attacks heightening the sense of urgency.
A big part of this discussion involves the application of technology – including AI – to fully automate and decentralise processes, such as digital identification management.
On the subject of decentralised identity, Tope Olufon, senior analyst at Forrester, said it removes the need to constantly verify identity. “It condenses the number of steps and cyclical processes inherent in traditional identity verification systems.”
Essentially, this means all processes are moved to a decentralised system, abstracted and made to work faster, but still securely – including with multifactor authentication (MFA).
“Decentralised identities will not necessarily replace MFA, it will work with things like MFA,” Olufon noted. “Decentralised identity, at its core, is basically reducing the friction and inflexibility inherent in identity, while simultaneously working with improved security systems.”
ITWeb TV interviews from the Security Summit 2025
A key takeaway from the 20th annual Security Summit is that business leaders must prioritise security while balancing operational needs in an increasingly digital and AI-driven world.
To check out the full playlist of over 30 interviews, recorded on the sidelines of Security Summit 2025, click here.
Share