Kathy Gibson reports – As digital transformation rolls out across Africa, cybersecurity is coming to the fore as an issue that affects all governments, organisations, and ciizens.
Mondli Gungubele, deputy-minister of communications and digital technologies, tells delegates to the Cyber Security Forum at the Africa Tech Festival taking place in Cape Town that cybersecurity is no longer just an IT issue.
“It is a national security imperative, a cornerstone of economic stability, and a prerequisite for digital inclusion,” Gungubele says.
The reality is that the cybercriminals are way ahead of most African IT deployments, with the threat landscape evolving along with the latest technology advances.
“Emerging technologies such as artificial intelligence (AI) and advanced cryptographic frameworks are reshaping both the tools of innovation and the methods of attack,” Gungubele says.
“That is why we must foster deeper, multi-stakeholder collaboration among governments, the private sector, academia, and civil society.”
While AI transforms not only user experiences but the tools used to secure systems, it also presents challenges such as algorithmic bias, data manipulation, adversarial attacks, and the weaponisation of generative AI (GenAI), he points out.
Cheng Hao, deputy-CEO of Huawei South Africa, agrees that AI should be a top priority for all countries and enterprises.
“AI is already in your networks, operations, and customer touchpoints,” he says. “It’s helping teams spot anomalies faster and automate routine responses. But it also changes the risk picture.”
To counter the threat, he says it’s vital to know the data that feeds models, be clear about guardrails for how AI is used, and keep an eye on how models behave over time.
“When AI is handled with the same care as your core infrastructure, it becomes an ally for defenders, not an extra headache. That’s the spirit we bring into our cloud and network platforms, and into partnerships across South Africa.”
Meanwhile, quantum computing represents both a breakthrough and a threat.
“On one hand, it offers immense potential for innovation,” says Gungubele. “On the other, it poses an existential challenge to the cryptographic systems that protect our digital world today.
“With quantum capabilities on the horizon, the encryption methods that currently safeguard our communications, financial systems, and data could soon be rendered obsolete. This makes post-quantum cryptography (PQC) a global security priority.”
The time to prepare for a future where quantum computing is widely used is now, Gungubele adds, to avoid having data stolen now and used later when quantum computers are powerful enough.
When it comes to the threat from quantum computing, Hao warns that quantum-capable attacks aren’t tomorrow’s problem. “The data we protect, health records, financial histories, intellectual property, will matter for decades.
“The work to be ready starts now,” he says. “The journey is about crypto-agility, knowing where cryptography lives in your environment and making sure you can upgrade keys and algorithms without drama.
“As an industry, we should move in step with emerging global standards so systems remain interoperable. The outcome we all want is straightforward: protect today’s data against tomorrow’s compute.”
Gungubele urges African governments to explore how they can work together to develop PQC standardisation and work together to safeguard digital sovereignty in the quantum era.
A key focus is vulnerability management, the foundation of proactive cybersecurity. “As our digital infrastructure grows more complex, the challenge of securing it grows too,” Gungubele says.
“Everyone patches; the question is whether patching actually lowers risk,” says Hao. “Leading teams have clear visibility of what’s running, quick coordination between engineering and operations, and smart prioritisation – treating an Internet-exposed, actively exploited issue differently from one deep inside a system with compensating controls.
“When partners move as one team, time to remediate drops, resilience rises, and customers feel the difference as simple reliability.”
Gungubele adds: “Effective security depends on our ability to identify, prioritise, and remediate vulnerabilities before they can be exploited. This requires investment in automation, AI-assisted monitoring, and continuous information-sharing between the public and private sectors.”
States should also work on strengthening their computer security incident response teams (CSIRTs) both nationally and within the sector. “By improving coordination and intelligence-sharing, we can move from being reactive to being proactive and preventive,” Gungubele says.
Hao stresses that governments, enterprises, civil society, and vendors all need to work together to address these security issues.
“Because South Africa’s next leap is about more than coverage and speed,” he says. “It’s about secure connectivity that unlocks intelligent industry, safer cities, better public services, and real opportunity for small businesses.
“It’s about giving developers confidence to build on local cloud, giving enterprises confidence to modernise core systems, and giving citizens confidence that their data and privacy are respected.”