Posts List
Featured News
Business & Gov
Why cybersecurity awareness is failing South African businesses and what to fix first
Charmé van der Westhuizen, New Business Development Manager at IPT
South African businesses are investing heavily in cybersecurity technology. Detection tools are becoming more sophisticated, monitoring is more advanced, and response capabilities are faster. Yet most breaches still begin with a human error. This shows that technology is not the problem. Instead, it is how cybersecurity is approached.
For many businesses, cybersecurity awareness remains a compliance activity rather than a risk discipline. Training is scheduled annually, attendance is recorded, and certificates are issued. From a governance perspective, the requirement has been met. From a risk perspective, little has changed.
Not a one-off event
In practice, behaviour is shaped by what is reinforced, not what is presented once a year. When training is concentrated into a single intensive session, it competes with operational pressures and fades quickly out of memory. The reality of South African business environments is that teams are stretched, inboxes are full, and urgency is constant. Under those conditions, knowledge without reinforcement does not stick.
If we accept that human behaviour remains the entry point for most cyber incidents, then awareness cannot sit on the periphery of the security strategy; it must be embedded in business operations.
Thinking differently
The first issue to fix is cadence. Short, consistent training delivered over time improves employee skills much more effectively than infrequent, high-intensity workshops. This is not because the content is different, but rather because repetition alters how employees respond to cyberattacks. When people are exposed more frequently to common threat scenarios, they can better identify any potential attack.
The second issue is relevance. Many organisations roll out uniform training across the entire business. That approach assumes that all employees experience the same risk exposure. In reality, risk varies by department. Finance teams face different attack patterns from sales teams. HR manages different types of sensitive information from operations. When awareness programmes fail to reflect those realities, they lose credibility.
Cybersecurity is often described as an IT responsibility. It is not. It is behavioural risk management embedded across departments. If awareness is not tailored to role-based exposure, engagement drops and risk remains unevenly distributed.
The third issue is measurement. Awareness programmes frequently rely on completion metrics rather than behavioural indicators. Attendance does not equal building a resilient organisation. A signed acknowledgement does not demonstrate that a company has now improved its cyber defences.
Identifying threats
When organisations assess behavioural vulnerabilities at the outset, they gain visibility into actual exposure. Automation can then deliver targeted reinforcement at regular intervals, addressing identified weak points rather than rotating generic topics. Over time, this produces measurable improvement instead of superficial coverage.
Automation, in this context, is not about sophistication for its own sake. It is about consistency and accountability. It ensures that awareness is not dependent on manual scheduling or shifting priorities. Weaknesses are identified, addressed, and re-evaluated systematically.
Without that structure, awareness remains reactive.
More than compliance
South African businesses operate in a regulatory and economic environment where reputational damage and operational disruption carry significant consequences. Clients, partners, and regulators increasingly expect demonstrable risk management, not theoretical commitment.
The uncomfortable reality is that many companies are investing more in detecting breaches than in preventing the human actions that trigger them.
Fixing cybersecurity awareness does not require a new platform as a starting point. It requires reframing awareness as an ongoing behavioural discipline supported by structured reinforcement, role-based relevance, and measurable improvement.
Technology will always be essential. But until awareness is integrated into operational processes and treated as a governed risk control, the human layer will remain inconsistently defended.
The number of tools deployed does not define cybersecurity maturity. It is reflected in how people behave under pressure. That is where the real work begins.
Tech & Events
The strongest businesses are built on people, not strategy alone
The strongest businesses are built on people, not strategy alone
Frik van der Westhuizen, CEO of EQPlus
Most companies do not fail because of a bad strategy. They fail because they cannot execute the strategy they already have in place. Even when budgets are allocated and technology is deployed, delivery often lags and timelines are missed. Too often, the temptation is to re-examine the strategy or find new tools to implement. But in reality, the constraint is not the strategy but where the company has been structured to execute on it.
Processes and technology do not compensate for misalignment, unclear ownership, or capability gaps. If these hurdles are not overcome, then the work is often duplicated, and accountability becomes diluted. It is not a culture problem but a design problem of how strategies are managed and implemented.
Many businesses still treat people as a layer that supports strategy, rather than the system through which strategy is executed. Job titles rather than outcomes define roles. Teams are measured by functional metrics rather than shared results. And when nobody knows who is responsible for making decisions, they hesitate when they should be focused on faster turnaround times.
Strategy assumes a level of coordination and capability that does not exist in practice. In the South African context, this gap is even more visible. Skills shortages in areas such as cybersecurity, data engineering, and advanced analytics are well-documented. Organisations respond by hiring where they can or outsourcing where they must. But hiring into a misaligned internal structure does not solve the problem.
People architecture
The strongest businesses understand that performance is driven by what can be described as people architecture. This is not about headcount. It is about how teams are positioned to deliver outcomes under pressure.
Alignment is the first requirement. People need clarity on what matters, how success is measured, and who makes the decisions. Without that, even experienced teams default to protecting their own priorities. Work still happens, but it does not move the business forward.
Trust follows. This reduces the ‘cost’ of coordination. Teams that trust each other share information earlier, escalate risks faster, and make decisions with less internal resistance. If trust is not there, everything requires validation, escalation, or sign-off. This not only impacts speed but also accountability.
Capability is the next component, and the one most organisations misunderstand. This is not just about technical skill but also about applying that skill in a way that produces consistent, measurable outcomes. That includes understanding dependencies, managing trade-offs, and delivering within any organisational constraints, for example, budgets.
More than platforms
When these elements are in place, decisions are made at the right level, and teams can adapt without waiting for instructions. Performance improves because many of the internal challenges have been overcome.
It is here where many digital transformation efforts lose momentum. Companies invest in platforms and expect people to use them without any issues. Instead, the existing structure absorbs the new technology without changing how work gets done. The system remains intact, so the outcome does too.
Global research continues to point in the same direction. The World Economic Forum highlights analytical thinking, resilience, and adaptability as core skills for the future workforce. According to the Harvard Business Review, approximately 70% of transformation efforts fail because leaders do not understand the human element of their strategies. The pattern is consistent. Technology enables, but people determine.
For leadership teams, this requires a shift in focus. The question is not only what strategy to pursue or which platform to implement. It is whether the business is structured to execute at the level that strategy demands.
The strongest businesses are not built on strategy alone. They are built on people who are positioned to execute that strategy with clarity, trust, and capability. If that system does not change, performance will not change.