03 May 2023

Just 19% of organisations in South Africa have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s Cybersecurity Readiness Index.

Organisations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate enormous amount of data. This presents new and unique cybersecurity challenges for companies.

Alongside the finding that only 19% of companies in South Africa are at the Mature stage, 52% of companies fall into the Beginner (8%) or Formative (44%) stages. While organisations in South Africa are faring better than the global average (15% of companies in the Mature stage), the number is still very low, given the risks.

This readiness gap is telling, not least because 65% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 57% of respondents said they had a cybersecurity incident in the last 12 months and 17% of those affected said it cost them at least US$500,000.

“The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity,” said Jeetu Patel, executive vice president and general manager of security and collaboration, Cisco. “Organisations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity. Only then will businesses be able to close the cybersecurity readiness gap.”

Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organisations. This need is especially critical given that 78% of the respondents plan to increase their security budgets by at least 10% over the next 12 months. By establishing a base, organisations can build on their strengths and prioritise the areas where they need more maturity and improve their resilience.

“With highly distributed teams and devices leading to a rapidly expanding attack surface, achieving security resilience must remain a top priority,” said Conrad Steyn, CTO and head of engineering, Cisco sub-Saharan Africa. “Cisco’s Cybersecurity Readiness Index provides a clear picture of what businesses have been doing to protect their operations across South Africa and, more importantly, what steps still need to be taken to deliver secure, seamless online environments.”