SA’s cyber security stance weakened by lack of skills

by May 15, 2023Insights

Africa, like the rest of the world, is currently hampered by a general lack of cyber security skills and knowledge. This is especially true for enterprises that require advanced protection systems to be implemented. Combined with immature cyber security regulations and legislation in South Africa, this lack of skills leaves many large companies vulnerable to cyber threats.

A new Cyber Crimes Act was recently implemented to bring South Africa’s legislation in line with global best practices. However, as dependence on digitisation increases for local businesses, so too will the threats posed by cyber criminals.

4C Cyber Security, in partnership with KnowBe4, offers various solutions to small and large companies in Africa Including risk assessments, vulnerability management, compliance management and user awareness training. We are also able to conduct simulated phishing attacks for your employees to test their perception and awareness of security threats.

A hooded man in a mask sits in a dark smoky room behind a laptop

More cyber security skills and proactive measures are needed

The general lack of IT and cyber security skills are not unique to South Africa. Throughout the world, countries are held back by limited security awareness, inefficient processes and a lack of protection measures. Apathy towards cyber security within companies and public organisations contributes to this lack of skills.

According to KnowBe4 Africa’s senior vice president, Anna Collard, South Africa is likely to become a hotspot for cyber crime as more advanced nations present harder targets for criminals.

“We predict cyber extortion groups and cybercrime syndicates will shift their attention away from the more mature nations like the US towards emerging economies like Africa – where industries have a large cyber dependency, but lack the resources to adequately prevent, retaliate or prosecute cyber criminals,” she says. 

“Legislation is a necessary step towards cyber security maturity but plays only one part,” adds Collard. The onus is still on businesses to minimise the cyber security skills shortage by providing additional user awareness training for all employees – even executives, heads of departments and managers.

person sitting in front of a computer screen

How different sectors perform

There are certain private sectors in South Africa that already have a better understanding and awareness of cyber security threats, such as the financial services sector. These companies have implemented solid strategies, processes and technologies to protect their data and customer information. 

“This is no surprise as in South Africa banks have a long history of mature security culture, large SOC and CSERT operations and are one of the major employers for security professionals. But even amongst those mature environments, employers struggle to find or retain cyber security talent,” states Collard. 

“The public sector and some critical infrastructure organisations are much less well prepared. Similarly, in law enforcement, we will need more capacity building to adequately deal with cyber security incidents, victims and processes such as forensics and securing evidence chains,” she adds.

“The worst performing result came from another South African sector: the hospitality industry. Tourism is an important sector of the South African economy but has been plagued by the Covid restrictions and lockdowns, as well as the country’s electricity crisis. Many businesses suffered near or full bankruptcy which may explain a lesser focus on perceived non-business critical tasks such as cyber security culture,” she explains

More private-public collaboration and partnerships are needed to mitigate the general lack of cyber security skills and training in South Africa. The country currently ranks ninth in the world for the costs associated with data breaches and information hacks. Currently, only 14 out of 55 countries in Africa have enacted cyber crime laws – South Africa being one of the most recent to do so in 2021.

The cyber security skills shortage can be minimised through user awareness training and by implementing effective controls within digital systems. If you’d like to find out more about our cyber security offerings, please contact us today.


At 4C Group of Companies, we strive to effect operational changes and cost savings for customers through our iNSight product and associated services. This product’s main function is to re-purpose and deliver business-critical information to a variety of systems and stakeholders. 

We specialise in information management, business assurance, fintech solutions and a variety of cyber security services. For more insights into our products and services, check out our blog page or follow us on Facebook, LinkedIn and Twitter.

You may also like…

The Ever-Evolving Threat Landscape

The Ever-Evolving Threat Landscape

Why Your Cybersecurity Needs Regular Attention The digital age has brought incredible advancements in communication, productivity, and access to information....

read more