The CSIR Information and Cybersecurity Centre, in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, has released four national cybersecurity surveys conducted at the end of the 2023/24 financial year. These comprehensive surveys delve into critical areas such as cybersecurity preparedness and resilience in the public sector, cybersecurity skills gaps, cybersecurity incidents, and the digital identity landscape in South Africa.
The national surveys were conducted using a combination of telephone interviews and online questionnaires to reach a diverse sample of participants across South Africa. A particular focus was placed on the larger provinces such as Gauteng, KwaZulu-Natal and the Western Cape to ensure a broad representation. Over 300 responses were collected for each survey, resulting in a total of over 1200 individuals and organisations participating. This robust sample size provided a solid foundation for the survey findings and analysis. These surveys provide valuable insights into the current state of cybersecurity in the country, and offer recommendations for improvement by government and industry.
Key findings
• Prevalence of cyberattacks: A significant 47% of organisations reported experiencing one to five cybersecurity incidents in the past year, underscoring the persistent threat landscape.
• Data breaches: A concerning 88% of participants admitted to suffering at least one security breach, with 90% of those organisations being targeted multiple times.
• Malware and phishing: Malware and phishing attacks emerged as the most common cyberthreats, with organisations reporting a high incidence of these attacks.
• Cybersecurity awareness: Only 32% of the respondents indicated that over half of their employees have received cybersecurity awareness training in the past year, indicating a serious gap in organisations’ seriousness in building cybersecurity awareness and culture.
• Skills gap: A critical challenge identified was the cybersecurity skills gap, with 63% of cybersecurity roles partially or fully unfilled.
• Talent retention: Retaining cybersecurity talent is another pressing issue, with 35% of professionals citing better offers, lack of training opportunities and other factors as reasons for leaving their current positions.
• Cybersecurity monitoring: Only 41% of the organisations are assessing and monitoring cyberthreats on a daily basis, indicating that the majority of organisations are not prepared to deal with cyberthreats. According to Telecom Review Africa, South Africa experiences almost 20 million cybersecurity threats or attacks per month.
• Digital identity: Financial institutions (88%) were considered the most important driver of the South African digital identity market. Over two thirds mentioned both encryption and privacy technologies (71%), and biometrics (68%) as drivers, while half reported identity theft being a serious concern that can be addressed by digital identity.
Dr Jabu Mtsweni, Head of the CSIR Information and Cybersecurity Centre, emphasised the significance of these surveys, stating, “In today’s interconnected world, cybersecurity is a paramount concern. These national surveys provide a comprehensive assessment of our cybersecurity posture, and highlight areas where we need to strengthen our defences as a country. They provide local and contextual research in this domain.”
Dr Kiru Pillay from the Cybersecurity Hub commented that while the integration of ICTs into daily life has greatly benefited society, increased digital connectivity also introduces significant risks, as cybercriminals exploit vulnerabilities in cyberspace. Cybersecurity must therefore be prioritised as a strategic imperative across all aspects of governance and service delivery. Studies like these are crucial in helping us understand our current standing as a country and determining where we should focus our initiatives.
Recommendations
Based on the survey findings, the CSIR recommends the following actions:
• Invest in cybersecurity: Increase investment in cybersecurity infrastructure, education and research.
• Develop a skilled workforce: Prioritise the development of a skilled cybersecurity workforce through training and education programmes.
• Strengthen incident response: Enhance incident response capabilities to effectively handle cyberattacks.
• Improve digital identity: Implement robust digital identity solutions to protect users online.
• Foster public-private partnerships: Encourage collaboration between the public and private sectors to address cybersecurity challenges.
The CSIR believes that by addressing these recommendations, South Africa can significantly improve its cybersecurity posture and protect its critical infrastructure and citizens from cyberthreats.
For more information contact Phetolo Phatsibi, CSIR,
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version