While SA's financial services sector has made meaningful strides in governance, regulation and operational excellence, research shows that many institutions remain vulnerable due to fragmented strategies, outdated frameworks and a compliance-over-culture mindset.
So claims Dr Craig Toontas, executive governance and technology strategist, who is scheduled to deliver the opening keynote address at the ITWeb Security in Finance 2026 conference on 5 March at The Forum, Alice Lane, Sandton.
Dr Toontas is a governance strategist and commercial leader whose expertise lies in translating complex risk landscapes into resilient boardroom strategies. With a career spanning corporate governance, digital risk oversight and executive execution, he is recognised for enabling boards to exercise sharper fiduciary judgment while ensuring operational integrity and organisational sustainability in regulated and politically complex environments.
He brings deep fluency in technology, cyber governance and data security, drawing on doctoral research that produced practical frameworks for board preparedness and enterprise resilience against cyber crime and other technology risks.
This expertise is reinforced by leadership across multibillion-rand group structures, where he embedded governance frameworks, refined statutory reporting and strengthened executive accountability to align decision-making with regulatory requirements and stakeholder obligations.
At the ITWeb Security in Finance 2026 conference, Dr Toontas will explain the significance of where SA’s financial services sector finds itself currently – highly digitised, globally integrated and increasingly targeted by cyber criminals.
“I will unpack the true state of cyber readiness in the sector, informed by two years of intensive research and interviews across major banks, insurers and regulatory bodies,” said Dr Toontas.
In his presentation, he will unpack several issues that continue to impact financial services in SA, including:
- Why governance maturity, not just technology, is the defining success factor in cyber security.
- How King IV principles and global standards are being interpreted (and misinterpreted) across the sector.
- The gap between executive confidence and operational vulnerability.
- The rise of sophisticated social engineering and insider threats in financial institutions.
- Practical steps to embed cyber crime readiness into board-level decision-making.
Lisa Lawlor, events director at ITWeb, said ITWeb Security in Finance 2026 is a highly relevant event that business leaders dare not miss.
“The financial services sector remains a lucrative target for cyber criminals – and we continue to witness the impact of attacks, especially phishing and ransomware, on financial institutions. This event is relevant because it will empower business leaders and financial services operators with the knowledge they need to better protect themselves and their resources, as well as better understand the global dynamics involved in handling influences like AI, analytics and data management. It will also highlight regulatory changes that impact financial services operators and institutions.”
The event will bring together financial institutions, regulators, CISOs, CIOs, risk leaders and security solution providers for a focused, high-value day of insight, discussion and connection.
Click here for more information and to register.
Share