State of cybersecurity in South Africa

The Council for Scientific and Industrial Research (CSIR) Information and Cybersecurity Centre, in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, is pleased to announce the release of four national cybersecurity surveys conducted at the end of the 2023/24 financial year.

These comprehensive surveys delve into critical areas such as cybersecurity preparedness and resilience in the public sector, cybersecurity skills gaps, cybersecurity incidents and the digital identity landscape in South Africa.

Methodology:

The national surveys were conducted using a combination of telephone interviews and online questionnaires to reach a diverse sample of participants across South Africa. A particular focus was placed on the larger provinces, such as Gauteng, KwaZulu-Natal and the Western Cape to ensure a broad representation.

Over 300 responses were collected for each survey, resulting in a total of over 1200 individuals and organisations participating. This robust sample size provided a solid foundation for the survey findings and analysis.

Summary of the findings

As South Africa continues its rapid digital transformation, it is imperative to understand the cybersecurity challenges and opportunities facing the nation. These surveys provide valuable insights into the current state of cybersecurity in the country and offer recommendations for improvement by government and industry.

Key findings from the surveys:

• Prevalence of cyberattacks: A significant 47% of organisations reported experiencing 1-5 cybersecurity incidents in the past year, underscoring the persistent threat landscape.
•  Data breaches: A concerning 88% of participants admitted to suffering at least one security breach, with 90% of those organisations being targeted multiple times.
• Malware and phishing: Malware and phishing attacks emerged as the most common cyber threats, with organisations reporting a high incidence of these attacks.
• Cybersecurity awareness: Only 32% of the respondents indicated that over half of their employees have received cybersecurity awareness training in the past year, indicating a serious gap in organisations’ seriousness in building cybersecurity awareness and culture.
•  Skills gap: A critical challenge identified was the cybersecurity skills gap, with 63% of cybersecurity roles partially or fully unfilled.
• Talent retention: Retaining cybersecurity talent is another pressing issue, with 35% of professionals citing better offers, lack of training opportunities, and other factors as reasons for leaving their current positions.
• Cybersecurity monitoring: Only 41% of the organisations are assessing and monitoring cyber threats on daily basis, indicating that majority of organisations are not prepared to deal with cyber threats which according to Telecom Review Africa , South Africa experiences almost over 20 million cyber security threats or attacks per month.
• Digital identity: Financial institutions (88.0%) were considered the most important driver of the South African digital identity market. Over two-thirds mentioned both encryption and privacy technologies (71%) and biometrics (68%) as drivers, while half reported identity theft being a serious concern that can be addressed by digital identity.

Dr Jabu Mtsweni, Head of the CSIR Information and Cybersecurity Centre, emphasised the significance of these surveys, stating, "In today's interconnected world, cybersecurity is a paramount concern. These national surveys provide a comprehensive assessment of our cybersecurity posture and highlight areas where we need to strengthen our defenses as a country, and further they provide local and contextual research in this domain ".

Dr Kiru Pillay from the Cybersecurity Hub commented that while the integration of ICTs into daily life has greatly benefited society, increased digital connectivity also introduces significant risks, as cybercriminals exploit vulnerabilities in cyberspace. Cybersecurity must therefore be prioritised as a strategic imperative across all aspects of governance and service delivery. Studies like these are crucial in helping us understand our current standing as a country and determine where we should focus our initiatives.

Recommendations:

Based on the survey findings, the CSIR recommends the following actions:

• Invest in cybersecurity: Increase investment in cybersecurity infrastructure, education, and research.
• Develop a skilled workforce: Prioritise the development of a skilled cybersecurity workforce through training and education programs.
• Strengthen incident response: Enhance incident response capabilities to effectively handle cyberattacks.
• Improve digital identity: Implement robust digital identity solutions to protect users online.
• Foster public-private partnerships: Encourage collaboration between the public and private sectors to address cybersecurity challenges.

The CSIR believes that by addressing these recommendations, South Africa can significantly improve its cybersecurity posture and protect its critical infrastructure and citizens from cyber threats.

Click link to access  the Cybersecurity awareness and preparedness report - https://www.csir.co.za/documents/cybersecurity-awareness-and-preparednesspdf  

-ENDS-

Issued by CSIR Strategic Communication

For enquiries, contact:
Phetolo Phatsibi, Media Relations Practitioner
Email: PPhatsibi@csir.co.za
Mobile: 081 396 8871

About the CSIR:

The CSIR, an entity of the Ministry of Science and Innovation, is one of the leading scientific and technology research, development and implementation organisations in Africa. Constituted by an Act of Parliament in 1945 as a science council, the CSIR undertakes directed and multidisciplinary research and technological innovation, as well as industrial and scientific development, to improve the quality of life of all South Africans. For more information, visit www.csir.co.za.

Follow us on social media:

Twitter: @CSIR. Facebook: CSIRSouthAfrica. Instagram: CSIRSouthAfrica. LinkedIn: Council for Scientific and Industrial Research (CSIR). YouTube: CSIRNewMedia