Almost 9 in 10 companies – 88% – included in South Africa’s first official cybersecurity survey admitted to suffering at least one cybersecurity breach. Of these, 90% had been targeted multiple times.

The startling finding emerged from a study by the Information and Cybersecurity Centre of the Council for Scientific and Industrial Research (CSIR), in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies. The state entities conducted four national cybersecurity surveys at the end of the 2023/24 financial year to evaluate cybersecurity preparedness and resilience in the public sector, cybersecurity skills gaps, cybersecurity incidents and the digital identity landscape in South Africa.

The surveys were conducted using a combination of telephone interviews and online questionnaires “to reach a diverse sample of participants across South Africa”, with a focus on the larger provinces, such as Gauteng, KwaZulu-Natal and the Western Cape.

Over 300 responses were collected for each survey, resulting in a total of over 1200 individuals and organisations participating. This robust sample size provided a solid foundation for the survey findings and analysis.

Key findings from the surveys included:

Prevalence of cyberattacks: A significant 47% of organisations reported experiencing 1-5 cybersecurity incidents in the past year, underscoring the persistent threat landscape.

Data breaches: A concerning 88% of participants admitted to suffering at least one security breach, with 90% of those organisations being targeted multiple times.

Malware and phishing: Malware and phishing attacks emerged as the most common cyber threats, with organisations reporting a high incidence of these attacks.

Cybersecurity awareness: Only 32% of the respondents indicated that over half of their employees have received cybersecurity awareness training in the past year, indicating a serious gap in organisations’ seriousness in building cybersecurity awareness and culture.

Skills gap: A critical challenge identified was the cybersecurity skills gap, with 63% of cybersecurity roles partially or fully unfilled.

Talent retention: Retaining cybersecurity talent is another pressing issue, with 35% of professionals citing better offers, lack of training opportunities, and other factors as reasons for leaving their current positions.

Cybersecurity monitoring: Only 41% of the organisations are assessing and monitoring cyber threats on a daily basis, indicating that the majority of organisations are not prepared to deal with cyber threats which according to Telecom Review Africa , South Africa experiences almost over 20-million cyber security threats or attacks per month.

Digital identity: Financial institutions (88.0%) were considered the most important driver of the South African digital identity market. Over two-thirds mentioned both encryption and privacy technologies (71%) and biometrics (68%) as drivers, while half reported identity theft being a serious concern that can be addressed by digital identity.

“In today’s interconnected world, cybersecurity is a paramount concern,” said Dr Jabu Mtsweni, head of the CSIR Information and Cyber Security Centre. “These national surveys provide a comprehensive assessment of our cybersecurity posture and highlight areas where we need to strengthen our defences as a country, and further they provide local and contextual research in this domain.”

Based on the survey findings, the CSIR recommends the following actions:

Invest in cybersecurity: Increase investment in cybersecurity infrastructure, education, and research.

Develop a skilled workforce: Prioritise the development of a skilled cybersecurity workforce through training and education programs.

Strengthen incident response: Enhance incident response capabilities to effectively handle cyberattacks.

Improve digital identity: Implement robust digital identity solutions to protect users online.

• Foster public-private partnerships: Encourage collaboration between the public and private sectors to address cybersecurity challenges.