In 2025, several prominent South African companies faced the all-too-common reality of a cyberattack. Some took days to respond, with their systems offline and reputations on the line. Others, though fewer in number, recovered quickly, communicated clearly, and demonstrated control under pressure. The key difference? Preparation.
According to Pierre Lombard from SHA, these moments are no longer purely technological. “They are tests of leadership,” he declares. “When a business can maintain trust, stability, and service in the face of a breach, it gains more than just operational recovery. It earns a competitive advantage.”
The anatomy of a response done right
Lombard says breaches are inevitable. However, it is not the presence of breaches that dictates a strong or weak cyber stance, it hinges on whether a business has built resilience through structure, foresight, and training.
From SHA’s recent claims review and based on real-world events, Lombard has identified three common traits in effective cyber responses:
- Clarity of command: Organisations with clearly defined roles and escalating paths act faster and more confidently, while mitigating decision paralysis.
- Stakeholder communication: Transparent, timely, and honest communication with staff, clients, and regulators helps manage reputational risk and maintain trust.
- Tested resilience: Regular simulations, up-to-date contingency plans, and rehearsed recovery protocols mean response teams don’t scramble when an incident occurs, they execute.
Lombard says organisations with rehearsed response plans and clear governance frameworks tend to experience lower long-term losses and reputational damage. It is well known that breaches that are not detected or contained early, are more expensive than those that are.
“From our observation, companies that respond within hours, and not days, suffer fewer long-term losses and are more likely to retain customer and investor confidence,” he notes.
Impact on South African businesses
Major South African organisations have been targeted including Cell C, Astral Foods, Standard Bank and more. These attacks exposed everything from customer data to sensitive internal systems. Yet, Pierre says the greatest vulnerability often lies in the boardroom, not in the usually suspected firewall.
Multiple global studies highlight how many breaches are first detected by external parties (customers, attackers, or regulators) not internal teams. Research indicates the number may be up to 67% of all instances.
“This reinforces the need for internal detection and escalation, and to be ready on the communication front, to control the narrative,” notes Lombard.
PwC’s 2025 Digital Trust Insights report suggests that less than half of companies surveyed have implemented cyber resilience actions across entire organisations, and that a significant readiness gap exists. Pierre believes this ought to be a wake-up call for those tasked with ensuring readiness given that readiness is a major determinant of the cost and recovery time following a breach.
“A rapid, coordinated response can mean the difference between a controlled incident and a prolonged crisis. Businesses that detect issues early, act fast, and communicate with confidence can quickly minimise downtime and retain stakeholder trust. Those that don’t, face weeks of uncertainty, reputational harm, and potential litigation,” says Lombard.
How can leaders improve readiness?
You don’t need to be a cybersecurity expert to lead well in a breach. But Lombard advises that you do need a plan, as well as the discipline to prepare for a crisis that may never come.
Robust cyber leadership today should involve:
- Running breach simulations across departments
- Establishing a clear crisis communication protocol
- Mapping data access across internal teams and external vendors
- Clarifying who takes charge, both operationally and legally, during a breach
Preparation builds advantage
According to Lombard, a well-handled breach response sends a powerful signal. “It says that this is a company that leads with integrity, plans for disruption, and puts trust first. Customers remember that and so do investors and regulators.”
It is the most prepared company that recovers fastest from cyberattacks, not always the most secure. “If your business made headlines tomorrow, would your clients trust you more or less? The answer lies in preparation and in leadership,” he concludes.