As 2025 draws to a close, South Africa’s industrial operators are reflecting on a year of profound change – and concerns.
By Doros Hadjizenonos, regional director: southern Africa at Fortinet
A significant and oh-so-welcome development was the end of systemic loadshedding, with the grid achieving more than six months of stability as the year comes to an end. But as one crisis receded, a more complex, digital-first risk is taking its place.
The primary lesson of 2025 is this: stability has triggered an accelerated, large-scale digitisation of our overall industrial base, and this rapid convergence of IT and Operational Technology (OT) is happening on a foundation that, in essence, wasn’t designed to be cybersecure.
The “air gap” that once protected factory production lines, power substations, and water treatment plants from the corporate IT network is gone. This convergence is a modern business necessity – enabling remote monitoring, predictive maintenance, and efficiency.
The risk, however, comes from connecting modern IT systems to legacy OT – such as SCADA and Programmable Logic Controllers (PLCs) – which were built for physical safety, not cybersecurity. They cannot be easily patched and were never designed to face the (then unforeseen) threats of 2025.
The power grid lesson: From instability to integration risk
The lesson of 2025 isn’t about managing reboots from loadshedding anymore, but about managing the complex risks of new connections. The new energy stability period has unlocked a “green rush” of both renewable power projects as well as overall digitisation.
We are connecting new Independent Power Producers (IPPs) to the grid, rolling out municipal smart metering, and upgrading legacy systems at scale. But the danger lies at the new digital seams emerging.
We have seen warnings of this all year. From the outset of 2025, the public sector has been under siege – with many fending off attacks and others being less lucky.
The immense challenges in enforcing the South Africa Critical Infrastructure Protection Act (CIPA) are another signal, with “tanker mafias” and other criminal elements representing a physical threat to water infrastructure that has a direct digital parallel: an unpatched vulnerability in a municipal SCADA system could prove just as catastrophic as physical sabotage.
The factory floor lesson: A boardroom-level financial event
The manufacturing sector had to learn this lesson in a year it could least afford it. With the Absa Purchasing Managers’ Index (PMI) slipping back into contraction at 49.2 in October, the sector remains under intense pressure, leaving no room for a costly digital disruption banging at the gates.
This threat isn’t abstract for South Africa. The automotive sector, a cornerstone of our manufacturing base, also saw repeated warnings in 2025.
The industrial security posture for 2026
As we plan for 2026, the lessons of this past year must inform a new industrial security posture.
First, unified visibility is paramount. Operators cannot protect what they cannot see. This must start with a comprehensive audit of every single device connected to both the IT and OT networks to eliminate critical blind spots.
Second, network segmentation has become the most powerful defence. This is the modern equivalent of the “air gap.” A successful breach of the corporate network must be contained. By segmenting networks, an attacker who compromises the finance department is stopped by an internal firewall, completely unable to “see” or access the factory floor’s control systems.
Finally, operators must adopt a Zero Trust approach for all industrial systems. Every user, device, or application seeking to access the OT network must be verified, every single time. Trust is never assumed.
In 2025, the risk moved from the data centre to physical industrial spaces, and the threat shifted from managing instability to securing integration. The lesson is that a digital risk to our physical infrastructure is a direct threat to economic productivity and public safety.
As we move into 2026, our operational resilience will be defined not by how we manage physical assets, but by how we secure the digital convergence that now controls them.