Cybersecurity threats present a significant challenge across the African continent, impacting various sectors and regions. As Africa undergoes rapid digital transformation, cyberthreats such as ransomware, business e-mail compromise (BEC) and malware are on the rise, disrupting essential services across nearly every industry.

This increase is driven by the continent’s expanding digital footprint, fuelled by fintech innovation and e-government services. As a result, African organisations have become increasingly attractive targets for cybercriminals. At the same time, challenges persist around cloud security, insider threats and the protection of critical infrastructure. While efforts to bolster cyber resilience and strengthen law enforcement capabilities are underway, the need for a comprehensive cybersecurity culture has never been more urgent.

A commonly overlooked yet vital element of cyber resilience is people. Employees at every level can either strengthen or weaken an organisation’s defences. To explore this further, TechCentral and Velocity Technology Group convened a select group of industry experts – including CIOs, CISOs, and heads of ESG, GRC, legal and HR – to unpack the role of organisational culture in developing cyber resilience, from leadership to the operational front line.

Lessons from the past

The conversation began with a reflection on the 2013 Target breach – an incident later labelled as the industry’s wake-up call. Despite having numerous security controls in place, Target’s vulnerabilities were exploited, exposing a critical gap: its people. From board members and executives to frontline staff, the human element proved pivotal.

Delegates agreed that cultivating a cyber-resilient culture requires a holistic approach. This begins with leadership, where tone and commitment must be set from the top and communicated clearly throughout the organisation. Everyone must understand their role in safeguarding the organisation against cyberthreats.

A lively debate followed regarding where people-enablement efforts should be focused. Some questioned whether board-level and C-suite executives truly understood cybersecurity risk and whether they were allocating sufficient resources to secure the broader workforce. While many organisations are indeed investing in cyber resilience, there is still considerable work to be done in building a truly end-to-end cyber-resilient workforce.

Scaling human firewalls

Beyond basic phishing simulations, how are organisations transforming employees into proactive cyber sensors? How can leadership drive this shift through measurable cultural change?

Many delegates highlighted the need to move beyond traditional awareness training and towards comprehensive human defence programmes. Key points shared included:

Retaining security awareness and simulation as foundational elements;
Leaders setting the tone by modelling secure behaviour;
Establishing behavioural norms, such as using strong passwords and reporting suspicious activity;
Promoting open communication around cybersecurity policies, incidents and expectations; and
Ensuring all employees understand their responsibilities and are held accountable.

By embedding cybersecurity into day-to-day culture, organisations can create an environment of shared responsibility, significantly reducing breach risks and boosting overall resilience.

Risk appetite vs innovation pace

How do organisations balance the pace of digital innovation with the board’s stated cyber-risk appetite? Which governance measures help keep this balance transparent?

Delegates acknowledged that rapid innovation is vital for competitiveness, but it inevitably introduces cybersecurity risk. They shared the following best practices to align innovation with robust security:

Prioritise security from the outset: Embed security into the earliest planning stages of projects. Conduct initial risk assessments to proactively identify vulnerabilities.
Adopt DevSecOps practices: Integrate security into DevOps processes to create a culture of shared responsibility. Automate security testing and continuously monitor for issues.
Implement secure coding practices: Train developers on secure coding methods – such as input validation and encryption – and conduct regular code reviews to spot risks early.
Foster a security-first culture: Promote security as a core value across development teams and reward proactive cybersecurity behaviours.

Conclusion

Delegates concluded that building a cyber-resilient culture means making security a shared, everyday responsibility. Leadership must be active and visible in setting expectations, while human defence strategies must evolve beyond traditional training. Recognising and rewarding good cybersecurity behaviour reinforces positive habits and helps embed a lasting culture of resilience.

TechCentral and Velocity Technology Group thank all participants for their valuable contributions to this critical discussion.

Read more articles by Velocity Technology Group on TechCentral
This promoted content was paid for by the party concerned

Follow TechCentral on Google News Add TechCentral as your preferred source on Google

The AI revolution has a new capital – and it’s not in California

Altron’s FY26 earnings seen firmer as platforms power growth

Datatec is firing on all cylinders

South Africa risks losing a generation of developers to AI

Lesaka lifts full-year earnings guidance

‘It was my idea’: Musk claims paternity of OpenAI

Pivotal week for US tech stocks

Worries over OpenAI’s growth as Anthropic gains ground

Taylor Swift trademarks her voice to fight AI fakes

DeepSeek’s long-awaited V4 model enters preview

Alfa’s electric rebel

Africa switches on as Europe dims the lights

The biggest untapped EV market on Earth is hiding in plain sight

The R16-billion tech giant hiding in plain sight

The last generation of coders

TCS+ | The retirement decision most South Africans get wrong

TCS | The Cape Town start-up listening for TB with AI

TCS+ | ‘The ISP for ISPs’: Vox’s shift to wholesale aggregator

TCS | Werner Lindemann on how AI is rewriting the infosec rulebook

TCS | Donovan Marsh on AI and the future of filmmaking

Free calls, dead voice and Shameel Joosub’s Spanish ghost

The conflict of interest at the heart of PayShap’s slow adoption

South Africa’s energy future hinges on getting wheeling right

Apple just dropped a bomb on the Windows world

VC’s centre of gravity is shifting – and South Africa is in the frame

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion

Hexion deploys 30 petabyte sovereign data archive in South Africa

We’re hiring: TechCentral is looking for technology journalists

How to set up a smart home in South Africa

Free calls, dead voice and Shameel Joosub’s Spanish ghost

The conflict of interest at the heart of PayShap’s slow adoption

South Africa’s energy future hinges on getting wheeling right

The AI revolution has a new capital – and it’s not in California

Hexion deploys 30 petabyte sovereign data archive in South Africa

Altron’s FY26 earnings seen firmer as platforms power growth

Datatec is firing on all cylinders

Subscribe to the newsletter

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion