ITWeb, in partnership with MTN Business, ran a survey on cyber security to gain a better understanding of how South African businesses are managing their cyber security posture. The aim was to find out where local companies are going for information about cyber security best practice, as well as the challenges they face.
A total of 180 valid responses were captured, with 59% of respondents being at executive or middle management level. Almost half (42%) of respondents came from the IT sector.
David Behr, executive: Group Enterprise Business at MTN Business, says: “The survey highlights a cyber security landscape where operational leaders, particularly IT managers and CTOs, play a central role in decision-making, with growing executive involvement. While most organisations express confidence in their ability to respond to cyber threats swiftly, this optimism should be tested through regular drills. Internal teams, vendors and online communities are the main sources of cyber security knowledge, though more structured guidance is needed.
“Phishing, compliance and data breaches remain top concerns, prompting widespread adoption of multifactor authentication (MFA), albeit with continued reliance on traditional VPNs. Integration challenges, cost and complexity are key barriers to adopting new tools, suggesting a need for user-friendly, scalable solutions. Planned investments in threat detection, cloud security and identity management reflect current priorities, while future needs point to increased automation, complexity and compliance demands as businesses grow.”
Key findings
Just over half (59%) of all survey respondents said their IT manager or CTO was primarily responsible for making cyber security purchasing decisions, while a third (31%) said their CEO or executive leadership made those decisions. Six percent of respondent companies had a procurement team. “The strong role of IT managers and CTOs in cyber security purchasing reflects operational ownership, while executive involvement signals growing strategic importance,” says Behr.
While the majority of respondents (86%) were confident their organisation could detect and respond to a cyber attack within 24 hours, Behr adds that while this is promising, it should be validated through regular testing and simulations.
The three top sources of information or updates about cyber security best practices were cited as: internal IT teams (63%); security vendors (62%); and online forums or communities (62%). “The reliance on internal teams and vendors is expected, but the equal use of online forums highlights a need for more structured, vetted information sources,” he suggests.
Phishing attacks were cited as the primary cyber security challenge faced by respondent organisations at 65%, followed by compliance with regulations (47%) and data breaches (44%). Behr says this finding underscores the need for user education, regulatory alignment and robust data protection.
Respondent organisations say they manage access to their network and applications via: MFA at 77%, traditional VPN (54%) and single sign-on (44%). “Widespread use of MFA is a positive sign, though continued reliance on VPNs suggests an opportunity to modernise towards zero-trust models.”
Primary concerns cited by survey respondents when considering the adoption of new security services and tools were ranked as follows:
- Integration with existing systems (73%)
- Cost of deployment and maintenance (68%)
- Implementation complexity (62%)
- User experience and productivity impact (55%)
- Scalability and flexibility (53%).
Behr advises that as integration, cost and complexity are key barriers, ease of deployment and user experience must be prioritised in security solutions.
Asked which cyber security capabilities they planned to invest in over the next 12 months, respondents cited threat detection and response (57%), cloud security (56%), identity and access management (52%), employee training and awareness (50%) and compliance and audit tools (48%). Behr says this finding aligns with current threat trends and digital transformation priorities.
Finally, the top three ways in which respondents expected their cyber security needs to change as their business grows were: need for more automation (38%), increase in complexity and risk (32%) and a greater focus on compliance (21%). He believes this reflects the evolving complexity of cyber security as businesses scale.
Share