There’s a growing unease in boardrooms, data centres and cabinet offices across South Africa. It’s not just about economic headwinds or political uncertainty, it’s about something quieter, more technical and yet just as dangerous − the rising tide of cyber threats. From phishing, scams to ransomware and deepfakes, attacks are growing more sophisticated, more frequent and more expensive. And the truth is, most organisations aren’t ready.
That’s not a guess. It’s the clear picture emerging from our latest State of Cybersecurity 2025 research that shows just 36% of technology leaders acknowledge that AI is outpacing their security capabilities – yet a staggering 90% of companies lack the maturity to counter today’s AI-enabled threats. Cyber threats are evolving faster than enterprise defenses can adapt – and generative AI is widening the gap. With unprecedented speed and scale, AI is enabling attackers to bypass legacy systems and overwhelm security teams. Traditional defenses are no longer sufficient.
This is not merely a technical issue; it is a strategic risk. The cyber threat landscape is being reshaped not only by technology, but by geopolitics. Heightened global tensions, changing trade dynamics and shifting regulations are compounding cyber exposure. Furthermore, a severe cybersecurity talent shortage presents a significant challenge. While awareness of AI-related risks is increasing, security measures are simply not keeping pace. As companies respond by adjusting supply chains and data strategies, many are unknowingly introducing new cyber risks – especially when security assessment, compliance and risk protocols fail to keep up.
These revelations should ring alarm bells in Sandton, Pretoria and every other place where digital decisions are being made. While AI adoption races ahead, security is playing catch-up. Speed and innovation continue to eclipse safety, with less than half of organisations striking a balance between AI development and security investment. Just 28% of organisations embed security into transformation initiatives from the outset – forcing many to scramble to retrofit defenses later, often under duress. This reactive approach places growing pressure on already stretched security teams.
We surveyed 2286 security and technology executives. They comprised 80% CISOs and 20% CIOs from $1 billion-plus enterprises across 24 industries and 17 countries, including South Africa. Their insights offer a sobering view of the current state of cybersecurity and a clear call to action for what must come next.
Let’s be blunt. Too many of our organisations still treat cybersecurity as an afterthought, something that gets squeezed into the budget if there’s money left over or addressed after an attack has already happened. Meanwhile, cybercriminals are evolving, innovating and automating. This is an arms race and we are not winning it.
The findings shows that only 34% of organisations have a mature cyber strategy. Fewer still – just 13% – possess the advanced cyber capabilities needed to defend against modern, AI-driven threats. The vast majority remain exposed, underprepared and at risk of falling behind as AI-powered threats accelerate.
But there’s a path to safety, a high ground we call the Reinvention-Ready Zone. Only 10% of companies have reached this level. These companies demonstrate maturity in both strategy and capability with a proactive, adaptive and resilient security posture that continuously evolves to counter emerging threats. Compared to those in the most vulnerable zone, which we refer to as the Exposed Zone, this group of companies is 69% less likely to be hit by an advanced attack such as an AI-powered cyberattack. They also see 1,6 times higher returns on their AI investments and reduce technical debt by 1,7 times. They report building stronger customer trust 1,6 times more than those in the Exposed zone, a critical factor in sustaining long-term business success.
Our economic modelling of security outcomes reveals that a 10% increase in security investment, strategically directed toward Reinvention-Ready Zone practices, can enable organisations to detect, contain and remediate cyber threats 14% faster. We recommend four decisive actions for companies to achieve Reinvention-Ready Zone status. These actions not only protect AI investments but also leverage AI to enhance cybersecurity defenses and resilience.
• Develop and deploy a fit-for-purpose security governance framework and operating model accounting for the realities of an AI-disrupted world. Establish clear accountability and align AI security with regulatory and business objectives.
• Design the digital core to be generative AI-secure from the outset. AI must be developed, deployed and operated with security integrated at every stage, yet only 37% of organisations assess AI security before deployment.
• Maintain resilient AI systems with secure foundations and proactive threat management. Emerging AI-based cyberattacks – including AI worms like Morris II – can embed malicious prompts into AI models allowing attackers to hijack AI systems and compromise sensitive data.
• Reinvent cybersecurity with generative AI to scale security capabilities, strengthen cyber defenses and detect threats earlier. With an estimated 4,8 million cybersecurity positions unfilled worldwide, AI presents an opportunity to bridge the cybersecurity talent gap by amplifying security professionals.
Organisations that bake security into their AI-powered transformations will not only survive but thrive, gaining a crucial competitive edge, cementing customer loyalty and building unshakable resilience. Ascending to the Reinvention-Ready Zone – where robust security is deeply embedded in both strategy and capability – requires focused effort, strategic investment and leadership from the top down.
The Reinvention-Ready Zone is within reach, but it requires decisive action. By adopting a secure governance framework, building resilient AI systems, leveraging generative AI for security and embedding security into every stage of AI development, companies can close the security gap and confidently navigate an era of accelerating cyber threats.
For more information contact Jonathan Mahapa, Accenture South Africa,
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version