According to Cisco’s 2025 Cybersecurity Readiness Index, only 5% of organizations in South Africa are fully prepared to defend against modern attacks.
Accelerating AI threats are also leaving most South African businesses vulnerable to attacks as they remain at the formative stage of security readiness, with a critical skills gap compounding the risk.
The Index outlines that 87% of local organizations experienced AI-related security incidents in the past year, yet only 59% believe their employees understand AI-driven threats. While AI is being rapidly adopted for threat detection and response, gaps in awareness, oversight of GenAI use, and underinvestment in cybersecurity leave businesses dangerously exposed.
Fady Younes, Managing Director of Cybersecurity for Cisco Middle East & Africa, says, “The speed at which AI is being weaponized by threat actors is outpacing traditional security approaches. Globally, we’re seeing that fragmented defenses and under-resourced teams can’t match the scale or sophistication of today’s attacks. Organizations must shift from incremental upgrades to integrated, AI-native strategies that can defend at machine speed; anything less is no longer sustainable.”
Findings for South Africa
The lack of cybersecurity readiness is alarming, as 22% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.
- AI’s Expanding Role in Cybersecurity: An impressive 92% of organizations use AI to understand threats better, 89% for threat detection, and over 80% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
- GenAI Deployment Risks: GenAI tools are widely adopted, with 47% of employees using approved third-party tools. However, 21% have unrestricted access to public GenAI, and 40% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
- Unmanaged Device Vulnerability: Within hybrid work models, 75% of organizations face increased security risks as employees access networks from unmanaged devices, further exacerbated by using unapproved Gen AI tools.
- Investment priorities are shifting: While 30% of organizations plan to upgrade their IT infrastructure, only 8% allocate more than 10% of their IT budget to cybersecurity. This highlights the need for more focused investment in defense strategies as threats continue to rise.
- Complex Security Postures: Over 60% of organizations report that their complex security infrastructures, dominated by the deployment of more than ten point security solutions, are impeding their ability to respond swiftly and effectively to threats.
- Talent Shortage Impedes Progress: A staggering 78% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with more than half reporting more than ten positions to fill.
Smangele Nkosi, General Manager at Cisco South Africa, concludes, “To meet today’s cybersecurity demands, organizations must prioritize AI-powered solutions, streamline their security architecture, and build greater awareness of AI-driven threats. It’s crucial to focus on AI for faster detection, response, and recovery — while also addressing talent shortages and mitigating risks from unmanaged devices and shadow AI.”
