Inflation, digital and technology, and cyber risks have been identified as the top three risks being prioritised for mitigation over the next 12 months by organisations in South Africa, Africa, and globally.

These key findings are reflected in PwC’s Global Digital Trust Insights Survey 2023: South Africa Report – an annual survey conducted to obtain the views of senior executives on the challenges and opportunities to improve and transform cybersecurity within their organisation in the next 12 to 18 months.

The survey was conducted in 19 different languages across 71 territories, with 3 876 participants (business, technology and security executives) responding. The questions covered six key areas: cyber risk management, working with hyperscalers, regulations, defence GPT: GenAI-powered cyber, portfolio rationalisation and cyber fit for growth, and cyber transformation and technical solutions.

“Our latest report shows that companies are shifting towards using mostly digital supply chains and, as this happens, new risks are posed to cybersecurity,” says Hamil Bhoora, PwC Africa’s cybersecurity leader. “Each time business leaders try something new they face new challenges to keep information safe. The latest insights from our 2023 report reveal that the field of cybersecurity is in a state of constant evolution and swiftly adapting to keep pace with business inventiveness.”

Survey results show that digital and technology risks are most interconnected with cyber risks. In South Africa, 47% of respondents are most concerned about attacks on connected devices compared to 42% in Africa and globally, while 53% of local respondents are most concerned about cyberattacks damaging their company brand.

“This requires chief information security officers (CISOs) and tech leaders to position themselves at the epicentre of innovation in their organisations,” Bhoora says.

The proportion of costly cyber breaches (those equating to more than $1-million) has also increased since last year. In South Africa, 27% of respondents were affected by data breaches costing in the region of $1-million to $9-million.

“What’s evident is that cyber investments are becoming a bigger priority for business leaders, with 79% of organisations planning to increase their cyber budget in 2024,” Bhoora says. “Those who experienced a cyber breach of $1-million or greater are those who are more likely to increase their cyber budget.”

When allocating cyber budgets in the next 12 months, the majority of business leaders in South Africa, Africa and globally said they are going to prioritise the modernisation of technology and optimisation with their cyber investments.

Wandile Mcanyana, PwC South Africa cybersecurity partner, says: “This increased area of focus and investment is needed as 56% of respondents in South Africa (40% in Africa) said they don’t have enough cybersecurity technology solutions. Further to this, many companies are reporting activities to transform cyber in their organisations, but only about a quarter are realising the benefits.”

When assessing the top priorities for organisations in their cyber talent strategy over the next 12 months, 76% of respondents in South Africa (79% in Africa; 69% globally) said this was upskilling their current workforce fast enough to keep up with their organisation’s demands and rebalancing between in-house and outsourced or managed services.

On matters relating to DefenseGPT (the rise of generative AI in relation to cybersecurity), organisation leaders said they are gearing up to deploy generative AI (GenAI) tools for cyber defence. However, more knowledge around the cyber risks associated with various technologies is needed locally as only 29% of respondents in South Africa said they understand the risks posed by GenAI (18% in Africa), and 32% (25% in Africa) understand the risks posed by virtual environment tools.

“Gaining this understanding is important as AI governance is needed to harness enthusiasm for GenAI applications to grow the business and have more productive workers,” says Mcanyana.

“Considering the findings of our latest report, it is evident that CISOs are taking the lead in their organisations,” Bhoora says. “It is important for them to be empowered to step beyond their traditional roles as independent cybersecurity experts and instead forge partnerships not only with selected executives, but with the entire C-suite and board. This collaborative approach will ensure a comprehensive and unified front against emerging threats, safeguarding the integrity and trust of businesses in today’s dynamic digital landscape.”