Posts List
Business & Gov
Why cybersecurity awareness is failing South African businesses and what to fix first
Charmé van der Westhuizen, New Business Development Manager at IPT
South African businesses are investing heavily in cybersecurity technology. Detection tools are becoming more sophisticated, monitoring is more advanced, and response capabilities are faster. Yet most breaches still begin with a human error. This shows that technology is not the problem. Instead, it is how cybersecurity is approached.
For many businesses, cybersecurity awareness remains a compliance activity rather than a risk discipline. Training is scheduled annually, attendance is recorded, and certificates are issued. From a governance perspective, the requirement has been met. From a risk perspective, little has changed.
Not a one-off event
In practice, behaviour is shaped by what is reinforced, not what is presented once a year. When training is concentrated into a single intensive session, it competes with operational pressures and fades quickly out of memory. The reality of South African business environments is that teams are stretched, inboxes are full, and urgency is constant. Under those conditions, knowledge without reinforcement does not stick.
If we accept that human behaviour remains the entry point for most cyber incidents, then awareness cannot sit on the periphery of the security strategy; it must be embedded in business operations.
Thinking differently
The first issue to fix is cadence. Short, consistent training delivered over time improves employee skills much more effectively than infrequent, high-intensity workshops. This is not because the content is different, but rather because repetition alters how employees respond to cyberattacks. When people are exposed more frequently to common threat scenarios, they can better identify any potential attack.
The second issue is relevance. Many organisations roll out uniform training across the entire business. That approach assumes that all employees experience the same risk exposure. In reality, risk varies by department. Finance teams face different attack patterns from sales teams. HR manages different types of sensitive information from operations. When awareness programmes fail to reflect those realities, they lose credibility.
Cybersecurity is often described as an IT responsibility. It is not. It is behavioural risk management embedded across departments. If awareness is not tailored to role-based exposure, engagement drops and risk remains unevenly distributed.
The third issue is measurement. Awareness programmes frequently rely on completion metrics rather than behavioural indicators. Attendance does not equal building a resilient organisation. A signed acknowledgement does not demonstrate that a company has now improved its cyber defences.
Identifying threats
When organisations assess behavioural vulnerabilities at the outset, they gain visibility into actual exposure. Automation can then deliver targeted reinforcement at regular intervals, addressing identified weak points rather than rotating generic topics. Over time, this produces measurable improvement instead of superficial coverage.
Automation, in this context, is not about sophistication for its own sake. It is about consistency and accountability. It ensures that awareness is not dependent on manual scheduling or shifting priorities. Weaknesses are identified, addressed, and re-evaluated systematically.
Without that structure, awareness remains reactive.
More than compliance
South African businesses operate in a regulatory and economic environment where reputational damage and operational disruption carry significant consequences. Clients, partners, and regulators increasingly expect demonstrable risk management, not theoretical commitment.
The uncomfortable reality is that many companies are investing more in detecting breaches than in preventing the human actions that trigger them.
Fixing cybersecurity awareness does not require a new platform as a starting point. It requires reframing awareness as an ongoing behavioural discipline supported by structured reinforcement, role-based relevance, and measurable improvement.
Technology will always be essential. But until awareness is integrated into operational processes and treated as a governed risk control, the human layer will remain inconsistently defended.
The number of tools deployed does not define cybersecurity maturity. It is reflected in how people behave under pressure. That is where the real work begins.
Tech & Events
cidb Expands ERWIC Awards to Recognise Women Advancing Construction Through Research, Innovation and Education
The Construction Industry Development Board (cidb) has expanded its 2026 Empowerment and Recognition of Women in Construction (ERWIC) Awards with the introduction of an Academic Excellence category, recognising researchers, lecturers and industry educators whose work is advancing South Africa’s construction and built environment sector through teaching, research, mentorship, innovation and industry engagement.
The new category reflects the cidb’s recognition that the future of construction is shaped not only on project sites, but also in lecture halls, research institutions and industry learning environments. By recognising women whose work is generating new knowledge, improving construction practices and developing future professionals, the expanded awards programme acknowledges the diverse contributions that strengthen the industry’s growth and transformation.
“The ERWIC Awards celebrate women whose leadership, expertise and commitment are helping to transform South Africa’s construction industry,” says cidb CEO Bongani Dladla. “The introduction of the Academic Excellence category recognises the important contribution made by researchers, lecturers and industry educators to advance construction knowledge, strengthen professional practice, drive innovation and develop the skills our sector needs to thrive.”
Now in their seventh year, the cidb ERWIC Awards have become one of South Africa’s premier platforms for recognising women making a measurable contribution across the construction value chain. The awards celebrate excellence across diverse areas of the industry, from project delivery and professional services to innovation, manufacturing, mentorship, transformation and disability inclusion. The introduction of the Academic Excellence category expands that recognition to women whose teaching, research and industry engagement are helping to shape the future of South Africa’s construction and built environment sector.
The awards form part of the cidb’s broader commitment to building a more inclusive, capable and transformed construction industry. Through its programmes and initiatives, the cidb continues to strengthen contractor development, support enterprise growth, promote skills development and create greater opportunities for women to participate and lead across the construction value chain.
While women remain under-represented in the construction sector, progress continues to be made. According to the cidb’s Construction Monitor, women accounted for 11% of the approximately 1.259 million people employed in South Africa’s construction sector at the end of the second quarter of 2025. By recognising excellence across the profession, the cidb aims to inspire greater participation by women and encourage more leaders who will help shape the industry’s future.
“The future of our industry will be shaped by the people we recognise, support and inspire today,” adds Dladla. “The ERWIC Awards celebrate women who are breaking new ground, opening doors for others and redefining what leadership looks like across the construction and built environment sector. Their success strengthens the industry today while inspiring the leaders who will shape it tomorrow.”
The closing date for entries has been extended to 10 July 2026. Entries can be submitted at www.erwicawards-cidb.co.za
Latest News
cidb Expands ERWIC Awards to Recognise Women Advancing Construction Through Research, Innovation and Education
The Construction Industry Development Board (cidb) has expanded its 2026 Empowerment and Recognition of Women in Construction (ERWIC) Awards with the introduction of an Academic Excellence category, recognising researchers, lecturers…
Winning the tender is when the real risk begins
Morag Evans, CEO of Databuild Winning a tender tends to create a sense that things are under control. The project is secured, teams are briefed, and attention shifts quickly to…
Human Settlements Minister Thembi Simelane, 13th Session of the World Urban Forum
Human Settlements Minister Thembi Simelane, on behalf of the Government of the Republic of South Africa, delivered the Country Statement at the 13th Session of the World Urban Forum currently…
The strongest businesses are built on people, not strategy alone
The strongest businesses are built on people, not strategy alone Frik van der Westhuizen, CEO of EQPlus Most companies do not fail because of a bad strategy. They fail because…
Africa Energy Indaba 2027 Builds Momentum for Africa’s Energy Transformation
From Presidential Keynote to Continental Impact: Africa Energy Indaba 2027 Builds Momentum for Africa’s Energy Transformation. The Africa Energy Indaba 2026 set a new benchmark for the continent’s energy dialogue,…
