South Africa’s public sector is facing an escalating cyber security challenge. Increasing incidents of malware, phishing and ransomware attacks are putting government systems and citizen data under growing pressure, demanding a shift towards modernised information management and digital resilience.
According to Shanaaz Moosa, Sales Director: Public Sector and Cybersecurity at OpenText, this evolving threat landscape has major implications for how government departments manage and protect their information assets. “Cyber security threats in South Africa’s public sector have intensified, prompting urgent reforms in information governance. Agencies must ensure compliance with the Protection of Personal Information Act (POPIA) and strengthen policies around how personal data is stored, accessed and reported in the event of a breach,” she explains.
From compliance to proactive resilience
Government departments are moving beyond compliance to embrace proactive cyber security strategies. This includes tightening data governance, improving incident response and prioritising staff training to reduce human error, which is often the weakest link in cyber security chains.
“Public institutions are beginning to implement proactive defence measures such as data classification and role-based access control,” notes Moosa. “As services move online, agencies need to ensure that their systems, cloud environments and endpoints are protected through encryption and real-time threat monitoring.”
Strengthening governance through regulation and technology
Moosa highlights that POPIA and GDPR have transformed how public institutions manage and protect citizen data. “These regulations have not only strengthened privacy controls but have also boosted public confidence in how the government handles sensitive information, especially in critical sectors such as health, education and social services.”
However, significant gaps remain. Many departments still operate on outdated infrastructure, lack standardised security policies and have limited incident response capabilities. Addressing these weaknesses, Moosa says, requires co-ordinated investment in modern IT systems, centralised oversight and robust vendor risk management frameworks.
The role of AI in securing public services
Artificial intelligence (AI) and automation are also reshaping the cyber security landscape. “AI enables real-time threat detection and predictive vulnerability analysis, helping departments stay one step ahead of attackers,” Moosa explains. “Automated data classification and compliance monitoring can also streamline governance, ensuring citizen data is safeguarded while improving operational efficiency.”
A call to modernise
Failure to modernise information security strategies, Moosa warns, could have severe implications for public safety, national infrastructure and citizen trust. “CIOs and CISOs must move beyond viewing security as a checkpoint and instead embed it into every phase of digital transformation, from architecture and design to service delivery.”
Looking ahead
Over the next three to five years, Moosa expects to see greater adoption of AI-driven threat detection, cloud-first security models, adaptive frameworks and a sharper focus on data sovereignty. “Resilient cyber security isn’t just about technology, it’s about building trust in government’s ability to protect its citizens in the digital age.”
Join the conversation at the OpenText Public Sector Imbizo 2025
These themes and more will be explored at the upcoming OpenText Public Sector Imbizo 2025, being held in Johannesburg on 11 November. Government leaders, technology experts and cyber security professionals will discuss strategies for securing South Africa’s digital future.
Don’t miss this opportunity to engage with industry peers and explore innovative solutions for secure digital transformation.
Register now for the OpenText Public Sector Imbizo 2025, an exclusive forum for public sector decision-makers shaping the next era of cyber security and information management.
Share