n line with global trends, South African enterprises are vulnerable to cyberattacks and struggle to protect themselves and find and retain cybersecurity skills amid changing information technology (IT) environments and competing financial and operational demands, a cybersecurity-focused study shows.
The ‘State of Enterprise Security in South Africa 2019’ research report, conducted by market research firm Worldwide Worx and sponsored by cybersecurity multinational Trend Micro and cloud and virtual environment company VMware, surveyed high-level IT decision-makers in 220 large South African enterprises.
Worldwide Worx CEO Arthur Goldstuck outlines the range of challenges and competing dynamics that affect enterprise cybersecurity, highlighting that the highest priorities of enterprises in the report were to grow revenue and acquire clients.
Regulatory compliance was found to be a slightly higher priority than protection against cyberattacks, which was given the same priority as reducing costs or growing internationally.
“Cybersecurity is subsidiary to the main two priorities of gaining clients and growing revenue. Where cybersecurity initiatives fall down is when they undermine the enterprise’s efforts in pursuing the highest priorities,” Goldstuck explains.
However, there has been a fundamental shift in the pattern of spending on cybersecurity over the past three years, with many different categories, including data encryption, mobile security and data backup, featuring high on cybersecurity-spending priority lists.
“There are no longer any standout areas of cybersecurity spending, with the categories of identity access management, authentication and postincident response being assigned similar priorities. “Every aspect has become vital and this is possibly due to the growth in attacks and new attack vectors across a range of systems.”
Further, about 72% of South African enterprises are moderately or well advanced in their move to public cloud systems and most enterprises have various end-point and mobile-device security and data-encryption measures in place.
However, 56% of enterprises highlight that digital transformation and the expanding number of end points have contributed to security breaches.
“This not only provides an indication of the vulnerability of enterprises and highlights the need for cybersecurity across all areas of the business, but also shows that enterprises are aware of the need to secure all elements of the organisation,” says Goldstuck.
There is a disconnect between the recognised need to improve cybersecurity and access to resources, funding and skills to realise this goal.
The report shows that 35.8% of enterprises indicated that their IT department would be the first to detect a breach and take appropriate action, but only 3.7% of enterprises indicated that their IT department should be the most aware of what action to take following a data breach.
The study also highlights the competition for cybersecurity skills, because 64% of enterprises say that recruiting and retaining skilled personnel are challenges in maintaining effective cybersecurity.