Posts List
Featured News
Business & Gov
Why cybersecurity awareness is failing South African businesses and what to fix first
Charmé van der Westhuizen, New Business Development Manager at IPT
South African businesses are investing heavily in cybersecurity technology. Detection tools are becoming more sophisticated, monitoring is more advanced, and response capabilities are faster. Yet most breaches still begin with a human error. This shows that technology is not the problem. Instead, it is how cybersecurity is approached.
For many businesses, cybersecurity awareness remains a compliance activity rather than a risk discipline. Training is scheduled annually, attendance is recorded, and certificates are issued. From a governance perspective, the requirement has been met. From a risk perspective, little has changed.
Not a one-off event
In practice, behaviour is shaped by what is reinforced, not what is presented once a year. When training is concentrated into a single intensive session, it competes with operational pressures and fades quickly out of memory. The reality of South African business environments is that teams are stretched, inboxes are full, and urgency is constant. Under those conditions, knowledge without reinforcement does not stick.
If we accept that human behaviour remains the entry point for most cyber incidents, then awareness cannot sit on the periphery of the security strategy; it must be embedded in business operations.
Thinking differently
The first issue to fix is cadence. Short, consistent training delivered over time improves employee skills much more effectively than infrequent, high-intensity workshops. This is not because the content is different, but rather because repetition alters how employees respond to cyberattacks. When people are exposed more frequently to common threat scenarios, they can better identify any potential attack.
The second issue is relevance. Many organisations roll out uniform training across the entire business. That approach assumes that all employees experience the same risk exposure. In reality, risk varies by department. Finance teams face different attack patterns from sales teams. HR manages different types of sensitive information from operations. When awareness programmes fail to reflect those realities, they lose credibility.
Cybersecurity is often described as an IT responsibility. It is not. It is behavioural risk management embedded across departments. If awareness is not tailored to role-based exposure, engagement drops and risk remains unevenly distributed.
The third issue is measurement. Awareness programmes frequently rely on completion metrics rather than behavioural indicators. Attendance does not equal building a resilient organisation. A signed acknowledgement does not demonstrate that a company has now improved its cyber defences.
Identifying threats
When organisations assess behavioural vulnerabilities at the outset, they gain visibility into actual exposure. Automation can then deliver targeted reinforcement at regular intervals, addressing identified weak points rather than rotating generic topics. Over time, this produces measurable improvement instead of superficial coverage.
Automation, in this context, is not about sophistication for its own sake. It is about consistency and accountability. It ensures that awareness is not dependent on manual scheduling or shifting priorities. Weaknesses are identified, addressed, and re-evaluated systematically.
Without that structure, awareness remains reactive.
More than compliance
South African businesses operate in a regulatory and economic environment where reputational damage and operational disruption carry significant consequences. Clients, partners, and regulators increasingly expect demonstrable risk management, not theoretical commitment.
The uncomfortable reality is that many companies are investing more in detecting breaches than in preventing the human actions that trigger them.
Fixing cybersecurity awareness does not require a new platform as a starting point. It requires reframing awareness as an ongoing behavioural discipline supported by structured reinforcement, role-based relevance, and measurable improvement.
Technology will always be essential. But until awareness is integrated into operational processes and treated as a governed risk control, the human layer will remain inconsistently defended.
The number of tools deployed does not define cybersecurity maturity. It is reflected in how people behave under pressure. That is where the real work begins.
Tech & Events
What to watch for in construction this year
Morag Evans, CEO of Databuild
In a recent webinar on South Africa’s construction sector, I was struck by how familiar the themes were, and how urgent they have become. The panel covered everything from interest rates and infrastructure backlogs to contractual disputes and green lubricants. While construction remains one of the most powerful levers for growth and jobs in South Africa, it is not being leveraged to its full potential.
Our clients are trying to keep teams employed, price projects appropriately, and plan capacity in an environment where policy, capital, and delivery are often out of sync. The webinar highlighted several trends that anyone in the built environment should pay attention to.
1. The cost of capital is choking construction
From an economic perspective, South Africa’s real prime interest rate has climbed to about 7%, which is roughly double the level during former Reserve Bank Governor Gill Marcus’s tenure. Over the same period, GDP growth slowed, and construction indicators weakened across building plans passed and the volume of building materials produced.
For a sector that relies on long-term investment, the cost of capital is one of the main reasons so many projects stall before they reach the site. The same data set showed that gross fixed capital formation in South Africa sits at just over 14% of GDP, roughly half the global average of around 28%. This suggests that the country is investing far too little in new productive assets, and the construction economy is feeling it first.
2. Fixing the basics before chasing big visions
The panellists agreed that there is nothing wrong with talking about smart cities and flagship projects. The problem is that many municipalities are struggling to keep basic systems working. Water availability, local substations, aged distribution networks, and failing municipal and provincial roads were all flagged as immediate risks. In some areas, the conversation is shifting from load shedding and water scarcity to the prospect of localised outages because of neglected infrastructure.
Before South Africa pursues ambitious new infrastructure, it has to repair and maintain what already exists, particularly water, electricity distribution, sewage systems, and local roads. That is where the most immediate construction work lies, and where communities feel the impact first.
This echoes what we see in our project data. The most resilient pipelines are often those linked to essential services and maintenance, not only new builds.
3. Capital is available, but projects are not getting through the system
South Africa has deep financial markets, development finance institutions and access to blended finance. The constraint is not a lack of money, but the slow movement from concept to bankable project and financial close. Weak project preparation, opaque procurement processes and uncertainty about the “rules of the game” were all highlighted as barriers.
There was also an important clarification around public-private partnerships (PPPs). Properly structured PPPs and private-sector participation models are not the same as privatisation, but are tools for bringing in capital and skills where the state cannot deliver on its own, while still protecting public ownership. The problem is the lack of shared understanding and consistent execution.
For contractors, consultants, and manufacturers, this translates into a familiar frustration where projects are announced, but actual work is slow to reach the market.
4. Contracts, risk, and disputes are becoming more complex
Additionally, standard form contracts are increasingly being amended with particular conditions that shift more risk onto contractors, rather than allocating it to the party best placed to manage it. That can make serious players wary of specific opportunities and can undermine project delivery before it begins.
At the same time, adjudication and arbitration processes designed to be faster and more practical than court proceedings are becoming more legalistic and expensive. Instead of “quick and dirty” adjudication on the papers, some matters are turning into mini arbitrations with senior counsel, extended timelines and rising costs. The call was to appoint bodies, adjudicators, and arbitrators to restore the original intent and introduce simplified processes for lower-value disputes.
5. Technology, decarbonisation, and skills will shape the next cycle
Two other trends stood out. The first is the growing use of data and digital tools to monitor equipment uptime and improve site efficiency. Using analytics and digital “construction site” solutions is already helping reduce unplanned downtime, which is often far more expensive than routine maintenance items such as lubricants.
Sustainability is becoming a bigger priority. Cleaner, plant-based lubricants, and decarbonisation strategies are also gaining traction as government and private clients push for lower emissions and more environmentally responsible construction practices.
The second is the skills mix. Engineering capacity in the public sector has been hollowed out over time, while private-sector firms are losing experienced professionals to markets with more predictable project pipelines. The panel argued strongly for better procurement of intellectual services, with a focus on total cost of ownership rather than bargain prices for design and consulting work. If the country wants safe, durable infrastructure, it has to value the skills that make it possible.
Where to from here?
The most important takeaway from the webinar is that none of these issues exists in isolation. Interest rate decisions, municipal capability, PPP frameworks, contract risk, and maintenance choices all shape how many projects reach the market, how quickly, and with what risk profile.
In that environment, verified project intelligence becomes a practical tool. If the sector is going to overcome its challenges, every contractor, manufacturer, and professional team needs to know where real opportunities lie, which projects are moving forward, and how policy shifts are translating into actual work on the ground.
Construction can still be a major driver of jobs and growth in South Africa. The question is whether we can align policy, capital, skills, and information quickly enough to turn talk into sites and plans into completed projects.