South Africa businesses up security spending but still don’t feel secure

While more than half (51%) of South African businesses have upped their investment in cybersecurity, it’s evident that budgets are not keeping up with needs, especially given the new threats introduced by remote work, according to a new study.

The study, conducted by consultancy conducted by World Wide Worx, in partnership with Dell Technologies and Intel, also revealed that nearly three-quarters of South Africa’s top 100 corporates are investing more in cybersecurity than the industry average. And yet, an almost equal proportion of businesses don’t feel fully that their current cybersecurity strategy gives them the protection they need. 

It may seem like a good thing that corporates are exceeding their cybersecurity budgets, but this may actually be a sign of the fact that their budgets were too low to begin with, according to Arthur Goldstuck, World Wide Worx CEO and the principal analyst on the research project.

Arthur Goldstuck

“In the game of cybercrime cat and mouse, one could argue that there is no such thing as being over-resourced,” Goldstuck said. “However, under-resourcing not only exposes companies to risk, but also poses an existential threat. A major breach can bring down a company. Budgets must catch up to the significance of the threat.”

Despite the mismatch between spend and need, IT decision makers understand that cybersecurity is a critical component of running a modern business, says Goldstuck, noting that 99% of businesses polled by the study believe that it is an important aspect of the business’ broader strategy.

“Organisations understand that cybersecurity is not just about keeping the lights on, our research shows. It’s also important to grow the business and achieve long-term business goals,” Goldstuck said.

Businesses hire outside security professionals

Among the solutions that South African businesses are using to mitigate cyberthreats, the research found that the majority are outsourcing their security needs. The results show that 57% of businesses have hired security professionals to manage their security needs, 41% are using off-the-shelf security solutions and 26% are using an off-the-shelf security solution managed by a partner. The remaining quarter (23%) have hired internal security teams and are using security solutions developed in-house.

Looking at the specific security controls that are in place across South African organisations, the study found that the majority are using VPN access control (98%) and cloud platform managed security (86%). Cyber-recovery solutions — used by 68% of respondents – and secure document storage solutions (used among 61%) also proved popular.

In terms of the emerging technologies that local IT experts believe open them up to the greatest risks, cloud native applications, IoT (the internet of things) and blockchain made the top three. Edge computing, machine learning and AI also featured at the top end of the list.

Remote work brings increased cybersecurity risk

With more and more people working from home, businesses are exposed to additional risks. Over half (55%) of IT decision makers worry about their staff losing their devices, according to the study, and 35% of respondents noted that remote work increases the likelihood of non-company users accessing company data. Thirty-four percent of those polled expressed concern around their inability to control user devices, worrying that this could result in increased exposure to malicious activity. But they are working to mitigate and manage these risks.

Over three-quarters of large corporations (77%) report that their devices are upgraded frequently, with both Trusted Protection Modules and Windows Secure Boot, which helps mitigate physical access vulnerabilities. It is also encouraging that 87% of those polled believe that their data protection strategies are sufficient enough to cope with malware and ransomware threats, and 99% have disaster recovery and backup strategies in place to safeguard their business against an attack.

“Clearly, it’s not all wine and roses when it comes to cybersecurity, data protection and having enough budget to keep your employees and your business assets safe,”  Goldstuck says. Business leaders, though, increasingly understand that a more secure cybersecurity environment is important if the business wants to achieve it’s business objectives (94% of respondents agreed). Similarly, when cybersecurity is handled correctly, employees are more productive (97% agree) and they have the freedom to be more innovative (98% agree) because they trust that their data is being protected by the strong security measures the business has in place.