Concerns are growing that cyber security readiness is not evolving at the same pace as AI tools, which are becoming increasingly embedded across business operations. This gap is particularly visible among small and medium-sized enterprises (SMEs), many of which are under pressure to digitise while lacking the internal systems, skills and controls needed to manage emerging risks effectively.
This is according to Rubrik, a silver sponsor of the ITWeb Security Summit 2026 in Johannesburg, which takes place on 2 and 3 June at the Sandton Convention Centre.
ITWeb Security Summit 2026
To learn more about defending organisations against today’s evolving cyber threats, register for the ITWeb Security Summit 2026, where global and local experts will unpack the latest security trends and solutions.
Ahead of the event, Lloyd Timcke, regional director for Africa and Israel at Rubrik, shared his views on the widening gap between AI adoption and cyber security maturity, as well as the risks facing SMEs as digital transformation accelerates.
Timcke says while SA is among the leading AI adopters on the continent, security readiness is not keeping pace.
“According to Microsoft AI diffusion research, South Africa recorded an adoption rate of 21.1% by late 2025, the highest in Africa. That is something to be proud of, but when you look at the security infrastructure beneath that adoption, the picture becomes far less flattering. Across sub-Saharan Africa, cloud computing adoption sits at around 61%, AI at 55% and cyber security at just 44%. Security is consistently the laggard, because we are accelerating into a technology-rich future without the safety architecture to match,” he says.
Timcke says SMEs are particularly exposed. “Every new AI tool an SME deploys creates vulnerabilities that require informed people to manage, and right now, those people are in short supply.”
He notes that the nature of cyber threats has shifted significantly, with identity now forming the primary attack surface. “Criminals are increasingly using stolen credentials to gain access rather than attempting to breach perimeter defences directly, particularly in cloud and hybrid environments.”
The growing use of AI agents and automation tools introduces additional complexity, he adds, as these systems often operate with their own digital identities and access rights. “The combination of faster-moving threats, expanding attack surfaces and limited recovery capability creates a situation where AI is simultaneously driving efficiency and increasing risk exposure.”
On practical steps for SMEs, Timcke says the focus should be on fundamentals rather than complex security architectures. He emphasises controlling access to systems and ensuring permissions are reviewed regularly and revoked when no longer needed – particularly when employees change roles or leave the company.
He also stresses the importance of multifactor authentication across all business systems, not just e-mail, as a basic but highly effective safeguard against credential-based attacks.
He recommends that companies establish clear internal guidelines for AI usage, including which tools are permitted, what data can be used and how outputs should be validated before use in business processes. “Create an AI usage policy before you need one,” he says.
Timcke further advises that companies understand and test their recovery capabilities, including how they would respond in the first 24 hours of a cyber incident.
Looking ahead, he says SA’s SME sector will continue to digitise rapidly, with AI adoption expected to expand further across industries. However, he cautions that without parallel investment in cyber security skills, governance and recovery planning, the gap between adoption and readiness is likely to persist.
Share
