In its 2025 cyber crime assessment report for Africa, Interpol identified SA as a top target for cyber crime, especially in finance and government. The country was also earmarked as a top African target for ransomware, according to 2025 research from ESET.
Undoubtedly, SA remains a target for cyber criminals, but Craig Rosewarne, MD of Wolfpack, has a straightforward – if somewhat ambitious – plan to help harden the country’s cyber defences.
ITWeb Security Summit 2026 Johannesburg – 2 and 3 June
As the cyber threat landscape becomes increasingly complex, it's critical that cyber security leaders, their teams and the organisations they protect stay ahead. To unpack all the latest developments, the methods that attackers are using and best strategies to protect your digital assets, make sure you’re at the 2026 edition of the ITWeb Security Summit, the annual gathering of cyber security professionals, experts and thought leaders.
For more information, click here.
Having undertaken a gap analysis of the country and what exists already, Rosewarne has developed a five-step plan he believes will create a roadmap to improve cyber resilience for the country, its organisations and its people. It could also be applied to the wider SADC region. Collaboration will be key.
Rosewarne is bringing together key stakeholders to discuss the plan at an exclusive, high-level closed-door session at the forthcoming ITWeb Security Summit 2026, in Johannesburg.
Pushing for private sector and government collaboration, he says: “Cyber is one of the top risks facing our country; we've all got to put our hands together to solve this.
“Cyber security is a team sport. It's not just up to the cyber or IT department; it's something that’s a business risk and also a national risk.”
He acknowledges that there are already private sector initiatives and government structures and entities in place, but adds that the number of different role players all pulling in an uncoordinated fashion creates inefficiency and confusion.
“This isn’t about reinventing the wheel,” he says, “but it might mean we need to breathe fresh life into some existing initiatives.”
Rosewarne’s five step plan:
- Create a joint national cyber security agency to act as a co-ordination hub.
- Implement national critical infrastructure cyber standards, co-written with industry.
- Launch a southern African cyber threat exchange to enable real-time intelligence sharing.
- Develop and implement a national cyber skills and awareness programme, which improves cyber resilience in both employees and citizens.
- Run national cyber crises simulations and resilience testing on an annual basis and across multiple sectors.
Rosewarne’s initial assessment is that while the Department of Communications and Digital Technologies’ Cyber Security Hub exists legally, in reality, it’s barely operational. This entity should act as a CSIRT, drive intelligence sharing and raise cyber awareness. Except it isn’t. Indeed, the Hub’s website is currently under maintenance. Rosewarne's recommendation is for the establishment of a new joint national cyber security agency to provide leadership.
“There has been talk in the past about having a cyber security director that can come in, like the information regulator, and have a team and structure assigned. They become the co-ordination point for all of government, all of private sector and they can help create that leadership role to take this forward,” he says.
For national critical infrastructure cyber standards, Rosewarne outlines that best practice in other countries is that entities and facilities that form part of national critical infrastructure undergo audits, with resulting improvement plans to action. “It provides assurance that you are protecting yourself and industries that are dependent on you. We've seen how such cyber incidents impact us, with both Transnet and the country’s court system brought down due to ransomware incidents. It has significant impacts on the economy and society.”
In terms of intelligence sharing around threats, he says some industries do have formal and informal communication and co-ordination structures in place, but this is not true of every industry. He also notes that SMEs, NGOs and the more vulnerable poor communities are often excluded. A central threat exchange – and the use of AI tools to enable real-time intelligence sharing – would help, he says.
To address skills and awareness, Rosewarne refers to the SFIA digital skills and competency framework, which, through seven levels, enables the assessment of an individual’s practical skills and experience. “It's a way that companies, industries – even countries – can assess their people, identify skills gaps and even help create job specs and job roles,” he says.
In terms of skills, Rosewarne identifies the need for greater co-ordination. “We've got all our various SETAs, our skills levies, we've got companies that need to spend money for B-BBEE transformation. The talk in the trenches is that HR can't spend the money fast enough, because there are not enough programmes or they're not co-ordinated enough. If we had a co-ordinated approach, this could fix two big problems in our country – a shortage of skills and large unemployment, especially in the youth.”
The final step, says Rosewarne, is running simulations, which he says needs to happen at a national level. “This would be a test of all these different elements – the threat exchange, looking at the critical infrastructure and how attacks could impact our country. This should be run by the co-ordination hub, under the direction of the cyber security minister or lead of the country.”
While this might sound idealistic and fanciful in the South African context, Rosewarne believes with the right collaboration, the plan is both necessary and realistic. “With the right players at this discussion, I think a resulting white paper could get tabled for discussion at government and industry levels.”
He adds that Business Unity South Africa (through Business for South Africa) has previously created a successful partnership with government to address challenges around energy, transport and logistics, and crime. “If that can be done at a country level for the bigger picture, we can definitely do this on a smaller scale for the cyber world as well.”
This discussion about increasing collaboration to combat cyber attacks in SA and its neighbouring countries will be an exclusive ‘behind closed doors’ session at Security Summit 2026, in Johannesburg. Among the confirmed attendees to date are Savannah Maziya, minister of ICT, Eswatini; Adam Smith, southern Africa cyber lead, British High Commission; Sithembile Songo, group head: information security, Eskom; Zaid Parak, group CISO, Discovery; and Itumeleng Makgati, divisional executive: group technology, Nedbank. To be considered for participation in this critical discussion, please contact Ros Hinchcliffe.
Share