The World Economic Forum’s Global Cybersecurity Outlook 2025 paints a grim picture of an increasingly complex and volatile digital world.
Paul Stuttard, CEO of Duxbury Networking Cape Town
South African businesses must take note, as cyber risks are no longer isolated to global corporations. Instead, these risks are a pressing issue across industries and company sizes regardless of geographic location. In a rapidly evolving threat landscape, adopting a security-first mindset and aligning strategies with global cybersecurity trends is crucial.
The 2025 report highlights several critical factors shaping today’s cyber landscape. Geopolitical tensions, AI-driven threats, supply chain vulnerabilities, and regulatory complexities compound cybersecurity challenges. These factors are not just theoretical risks but are things that have already impacted businesses worldwide.
One of the key findings is the rise of cyber inequity, where large enterprises with substantial resources are advancing in cyber resilience, while smaller organisations — such as many South African SMEs — struggle to keep pace. Nearly 35% of small businesses worldwide report inadequate cyber resilience, a sevenfold increase since 2022. This should be a wake-up call for local companies that often underestimate their exposure to cyber risks despite making top-level investments in their defences.
Of course, this does not mean the public sector is not under threat as well. In South Africa, government institutions have been dealing with frequent cyberattacks. Due to funding restraints, they are unable to afford good cyber resilience.
The global skills shortage of four million cybersecurity professionals presents another challenge. Highly skilled South Africans are increasingly working for international companies remotely, while local companies outsource many non-core functions.
However, outsourcing Managed Detection and Response (MDR) could help organisations access specialised cybersecurity skills, reduce costs, and improve flexibility.
The rise of AI-driven threats
AI has emerged as a double-edged sword in cybersecurity. On one hand, organisations are leveraging AI to enhance threat detection and automate security processes. On the other hand, cybercriminals are using AI to scale up sophisticated attacks, including deepfake scams, AI-generated phishing, and ransomware-as-a-service models.
In 2024 alone, AI-powered cyberattacks surged, with 42% of organisations globally reporting successful social engineering attacks. This trend will only accelerate in 2025 as adversaries refine their tactics using generative AI. South African businesses must therefore take proactive steps to mitigate AI-based cyber threats by implementing multi-factor authentication (MFA), AI-driven anomaly detection, and employee cybersecurity awareness training.
Supply chain risks
With supply chain complexities increasing, third-party vulnerabilities are now the top cybersecurity risk for large organisations, with 54% citing supply chain risks as their primary concern. South African businesses that rely on international software, cloud services, and IT vendors should assess the security posture of their partners and implement zero-trust architectures to minimise exposure.
A significant risk comes from software vulnerabilities introduced by third parties, which cybercriminals exploit to infiltrate networks. This underscores the need for continuous vulnerability assessments, software supply chain security frameworks, and strict compliance with cybersecurity regulations.
The expanding regulatory landscape
While cybersecurity regulations are strengthening global resilience, the rapid proliferation of compliance requirements is creating new challenges for businesses. The report notes that 76% of CISOs find the fragmentation of regulations across different regions difficult to manage.
South African companies must navigate both local and international compliance mandates, such as the Protection of Personal Information Act (POPIA) and the European Data Protection Regulation (GDPR), and other evolving global cybersecurity frameworks. Compliance is no longer a box-ticking exercise but a strategic necessity to build trust and resilience.
Practical steps for local businesses
To navigate the evolving cybersecurity landscape, South African businesses should focus on AI-driven security solutions, regular cybersecurity training, zero-trust models, continuous security audits, and regulatory alignment. MDR services offer a compelling solution to mitigate the global cybersecurity skills shortage, providing access to expert services through flexible OPEX models that free up capital while enhancing cyber resilience.
The WEF Global Cybersecurity Outlook 2025 makes it clear that cyber resilience is a competitive necessity. South African businesses must rethink their security strategies, leveraging AI, strengthening supply chain defences, and ensuring compliance with evolving regulatory requirements.
By prioritising cybersecurity as a strategic function rather than a technical afterthought, organisations can thrive in an increasingly complex digital world. The time to act is now.