The biggest gap in cyber security is not visibility but execution, according to ITR Technology, which attended the recent ITWeb CISO Retreat.
The company, an IT services provider and exclusive distributor of ManageEngine Solutions in SA, says cyber resilience requires a plan that prioritises risks, acknowledges the likelihood of a breach and ensures the organisation is prepared to respond and recover.
The retreat, themed ‘Cyber resilience in an evolving threat landscape’, brought together CISOs to network and discuss the challenges organisations face daily in protecting their assets.
Alan de Waal-Smit, head of sales at ITR Technology, said CISOs face interconnected pressures, including evolving threats, human risk, hybrid complexity, compliance and skills shortages.
“We have never spent more on security, but we have never been more exposed," he said. "Tools are not the problem; execution is.”
De Waal-Smit highlighted the tension between IT operations and security teams, describing it as a "silo problem" – one environment, two teams with conflicting priorities. IT operations focus on uptime, stability and change control, resisting anything that risks the production environment, while security operations push for speed, patching and containment to close the window of exposure.
“The attacker doesn’t care whose KPI gets bruised,” he added.
According to the IBM Cost of Data Breach Report 2025, the average breach cost in SA was R44.1 million, down 17% year on year.
De Waal-Smit also cited the Verizon Data Breach Investigations Report, which found that credential abuse was the top initial access vector for the second consecutive year, with 22% of all breaches starting with stolen or abused credentials. The report also noted that 30% of breaches involved a third party – up from 15% the previous year – and that 88% of basic web-application attacks involved stolen credentials.
Knowing where vulnerabilities exist, De Waal-Smit said, is a strategic reinforcement of cyber resilience. The solution lies in shifting from two systems of record to one system of action – one that integrates technology, people and processes.
“Detection and response should not live in different tools, different teams or different workflows,” he said. “Telemetry alone is just expensive logs. Detection without execution is just expensive telemetry. Treat IT service management as your security control plane, not your help desk. That’s where execution lives.”
When IT and security share a workflow, De Waal-Smit said, the result is threefold: faster response, less noise and real prioritisation. Threats become tickets the moment they are detected. Alerts that do not tie to an asset, owner or workflow are filtered out before they reach a human. And risk is scored against business context rather than severity in isolation.
“Organisations don’t lose because they lack tools; they lose because they lack alignment,” De Waal-Smit concluded.

