As organisations worldwide navigate an increasingly fragmented digital landscape, South African businesses face unique challenges that demand urgent attention to cybersecurity and data infrastructure, according to BDO’s latest Techtonic States report.
The global research, which surveyed business leaders across multiple sectors and geographies, reveals a fundamental shift in how organisations view technology strategy. Resilience has emerged as the most critical business quality with 61% of leaders worldwide identifying it as paramount to success in today’s volatile environment.
“The perception of cyberthreats has fundamentally shifted from ‘it probably won’t happen to us’ to ‘it’s only a matter of time,'” says Rocco Galletto, global cybersecurity leader at BDO. “No business is too small and no sector is off-limits. Attackers are motivated by financial gain using ransomware and data theft to achieve their objectives.”
For South African businesses, the challenges are compounded by local infrastructure vulnerabilities.
Khaya Mbanga, chief information and digital officer at BDO South Africa, identifies four critical factors creating a complex threat landscape:
- Infrastructure vulnerabilities: Load shedding and infrastructure instability create additional security risks as businesses rely heavily on backup systems and remote work capabilities.
- Skills shortage: The global cybersecurity skills gap is particularly acute in South Africa where specialised talent often migrates to international markets.
- Regulatory complexity: POPIA implementation and increasing regulatory scrutiny require businesses to balance compliance with operational efficiency.
- Economic pressure: Cost constraints force difficult trade-offs between immediate operational needs and long-term security investments.
Key global findings from the Techtonic States report reveals significant shifts in technology priorities:
- 76% of leaders expect their organisation’s cybersecurity risk to increase over the next 12 months.
- 68% say technological advances are intensifying cyber risks and generating new forms of cybercrime.
- 64% now prioritise data management and analytics – jumping from 2nd place in 2023 to 1st in 2025.
- 61% are focused on AI implementation – a dramatic rise from 8th place in 2023.
- 45% report that data security concerns are preventing greater investment in AI technologies.
While 57% of organisations are fast-tracking their AI adoption journey, only 42% of leaders say their data infrastructure is set up to fully leverage AI technologies.
“For South African businesses, this represents both a challenge and an opportunity to leapfrog traditional infrastructure limitations,” says Mbanga.
The Techtonic States Report introduces three dimensions of the “New Business Edge”: Build; Grow; and Secure – with this chapter focusing on the foundational “Build” dimension.
BDO recommends South African businesses focus on:
Immediate actions:
- Conducting comprehensive risk assessments accounting for local infrastructure vulnerabilities.
- Reviewing and updating incident response plans for both cyberattacks and power-related disruptions.
- Implementing employee awareness training tailored to South African threat landscapes.
Strategic investments:
- Developing unified data strategies that consolidate organisational information into secure, single sources of truth.
- Building flexible sourcing approaches blending local and international cybersecurity capabilities.
- Creating governance frameworks for AI and emerging technology adoption.
Long-term resilience:
- Embedding risk thinking into culture and decision-making processes.
- Investing in local cybersecurity talent development and retention.
- Building partnerships with trusted advisors who understand both global threats and local challenges.
The research shows 73% of leaders agree that to succeed in a highly uncertain and volatile operating environment, organisations must prepare for a range of potential futures. Many leaders (52%) anticipate a “World Fragmented” scenario – defined by deeply fragmented markets and supply chains.
“As we mark the 22nd Cybersecurity Awareness Month, the message for South African businesses is clear: cybersecurity is not a cost centre, but a business enabler,” says Mbanga. “In a world where resilience has become the most important business quality, cybersecurity forms the foundation upon which digital transformation, innovation, and growth can safely occur.”