Each October, Cybersecurity Awareness Month highlights the urgency of defending against digital threats. In South Africa, awareness is lacking. According to IBM, in 2025, the average cost of a data breach is R44.1 million, with financial services seeing breaches cost an average of R70.2 million. Some incidents have run between R18 million and R361 million – losses that can threaten an organisation’s survival.
Training your teams is non-negotiable – but not all training is created equal. Accredited vendor training, delivered by certified partners using official Cisco, Microsoft, and ISC2 courseware, provides a standard that generic bootcamps cannot match. It ensures that curricula are up to date, instructors are certified and experienced, and learning includes hands-on labs and assessments that mirror real-world scenarios. Perhaps most importantly, it results in globally recognised certifications that both clients and regulators can trust.
By contrast, non-accredited training risks outdated content, inconsistent delivery, and a false sense of confidence. In high-risk domains like cybersecurity, those gaps can be catastrophic. Grant Hughes, founder of the ISC2 Cape Town Chapter and CISO for the GVW Group, warns that non-accredited training creates real risk for the industry by fostering misplaced trust in underqualified professionals. He notes that the market is already flooded with non-accredited trainers, and in some cases even illegal services that go as far as offering to write certification exams on behalf of candidates.
Brad Thomas, sales & marketing director at NIL Africa, reinforces this perspective: “Accredited training isn’t just about passing an exam – it’s about building real, battle-ready capability. At NIL Africa, we go beyond delivering official courseware. We contextualise the training to Africa’s unique business and threat landscape, ensuring that IT professionals don’t just learn theory but leave with applied skills that close the gap between certification and competence. That’s where the real value lies – bridging global standards with local realities so organisations can defend, comply and grow with confidence.”
The risks of skipping accreditation are amplified by South Africa’s severe skills gap. Research shows that 63% of cybersecurity roles remain partially or fully unfilled, while only 32% of organisations say that more than half their staff received security awareness training in the past year. Weak or outdated training on top of existing shortages can leave organisations exposed – slowing incident response, increasing compliance risk, and leaving persistent vulnerabilities in critical systems. Hughes likens it to trusting a doctor trained at an unauthorised institution – a risk no one would reasonably take.
For Thomas, the issue goes beyond compliance. “At NIL Africa, we believe accredited training is more than compliance – it’s a commitment to raising the calibre of cybersecurity professionals across the continent. By investing in accredited pathways, businesses protect themselves today and empower the next generation of African IT leaders for tomorrow.”
Cybersecurity Awareness Month is an opportunity to move beyond slogans and take action: audit your current programmes, partner only with accredited providers, align training with operational roles, insist on hands-on labs, and document certifications for audits, tenders and client due-diligence. Accredited training isn’t a badge – it’s insurance against disruption, fines, and reputational damage.
Ready to take the next step? Explore our Cyber Month specials on world-class accredited training at https://nil.co.za/cyber-month/.
References
The following publications provided evidence to support the importance of accredited training in cybersecurity:
IBM – Cost of a Data Breach Report 2025 (average cost of a data breach in South Africa R44.1 m, sector detail incl. R70.2m in financial services).
PwC South Africa – Global Digital Trust Insights Survey 2025: SA report (range R18 m–R361 m).
CSIR – National survey results on the state of cybersecurity in South Africa (63% roles unfilled; 32% training coverage).
Cisco – 2024 Cisco Cybersecurity Readiness Index – South Africa (readiness levels; minority at “Mature”).
Share