Cybersecurity threats present a significant challenge across the African continent, impacting various sectors and regions. As Africa undergoes rapid digital transformation, cyberthreats such as ransomware, business e-mail compromise (BEC) and malware are on the rise, disrupting essential services across nearly every industry.

This increase is driven by the continent’s expanding digital footprint, fuelled by fintech innovation and e-government services. As a result, African organisations have become increasingly attractive targets for cybercriminals. At the same time, challenges persist around cloud security, insider threats and the protection of critical infrastructure. While efforts to bolster cyber resilience and strengthen law enforcement capabilities are underway, the need for a comprehensive cybersecurity culture has never been more urgent.

A commonly overlooked yet vital element of cyber resilience is people. Employees at every level can either strengthen or weaken an organisation’s defences. To explore this further, TechCentral and Velocity Technology Group convened a select group of industry experts – including CIOs, CISOs, and heads of ESG, GRC, legal and HR – to unpack the role of organisational culture in developing cyber resilience, from leadership to the operational front line.

Lessons from the past

The conversation began with a reflection on the 2013 Target breach – an incident later labelled as the industry’s wake-up call. Despite having numerous security controls in place, Target’s vulnerabilities were exploited, exposing a critical gap: its people. From board members and executives to frontline staff, the human element proved pivotal.

Delegates agreed that cultivating a cyber-resilient culture requires a holistic approach. This begins with leadership, where tone and commitment must be set from the top and communicated clearly throughout the organisation. Everyone must understand their role in safeguarding the organisation against cyberthreats.

A lively debate followed regarding where people-enablement efforts should be focused. Some questioned whether board-level and C-suite executives truly understood cybersecurity risk and whether they were allocating sufficient resources to secure the broader workforce. While many organisations are indeed investing in cyber resilience, there is still considerable work to be done in building a truly end-to-end cyber-resilient workforce.

Scaling human firewalls

Beyond basic phishing simulations, how are organisations transforming employees into proactive cyber sensors? How can leadership drive this shift through measurable cultural change?

Many delegates highlighted the need to move beyond traditional awareness training and towards comprehensive human defence programmes. Key points shared included:

Retaining security awareness and simulation as foundational elements;
Leaders setting the tone by modelling secure behaviour;
Establishing behavioural norms, such as using strong passwords and reporting suspicious activity;
Promoting open communication around cybersecurity policies, incidents and expectations; and
Ensuring all employees understand their responsibilities and are held accountable.

By embedding cybersecurity into day-to-day culture, organisations can create an environment of shared responsibility, significantly reducing breach risks and boosting overall resilience.

Risk appetite vs innovation pace

How do organisations balance the pace of digital innovation with the board’s stated cyber-risk appetite? Which governance measures help keep this balance transparent?

Delegates acknowledged that rapid innovation is vital for competitiveness, but it inevitably introduces cybersecurity risk. They shared the following best practices to align innovation with robust security:

Prioritise security from the outset: Embed security into the earliest planning stages of projects. Conduct initial risk assessments to proactively identify vulnerabilities.
Adopt DevSecOps practices: Integrate security into DevOps processes to create a culture of shared responsibility. Automate security testing and continuously monitor for issues.
Implement secure coding practices: Train developers on secure coding methods – such as input validation and encryption – and conduct regular code reviews to spot risks early.
Foster a security-first culture: Promote security as a core value across development teams and reward proactive cybersecurity behaviours.

Conclusion

Delegates concluded that building a cyber-resilient culture means making security a shared, everyday responsibility. Leadership must be active and visible in setting expectations, while human defence strategies must evolve beyond traditional training. Recognising and rewarding good cybersecurity behaviour reinforces positive habits and helps embed a lasting culture of resilience.

TechCentral and Velocity Technology Group thank all participants for their valuable contributions to this critical discussion.

Read more articles by Velocity Technology Group on TechCentral
This promoted content was paid for by the party concerned

Follow TechCentral on Google News Add TechCentral as your preferred source on Google

AI is now hunting tax cheats in South Africa

South Africans took a sizeable bite of SpaceX after historic IPO

Flagship broadband programme in South Africa stalled

Post Office moves to exit business rescue – but with no funded future

Prominent South African investor joins the board of SpaceX

Google on the hook for what its AI tells users, court rules

How Russians juggle VPNs to outwit the Kremlin

Amazon CEO flagged Anthropic AI risks to Washington

Trouble at Xbox

Meta declares war on Israeli spyware firm

AI boom sparks rally, frenzy and fear

Every plug-in hybrid on sale in South Africa, ranked by price

What Wi-Fi 8 will mean for wireless networks

Alfa’s electric rebel

Africa switches on as Europe dims the lights

Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

TCS | Charge’s R1.8-billion bet on an off-grid EV future

TCS+ | The Up&Up Group on the hidden cost of AI

TCS+ | The retirement decision most South Africans get wrong

Finish the job Mandela started

The US just showed it can switch off our AI

The clock is ticking on South African banks’ biggest advantage

Clashing judgments leave South Africa’s crypto law unsettled

The trap inside South Africa’s banking MVNO boom

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion

The Pan African DataCentres event opens next week

Why most cloud migrations inherit risk before they create value

When the Garden Route floods hit, the map was already drawn

Finish the job Mandela started

The US just showed it can switch off our AI

The clock is ticking on South African banks’ biggest advantage

AI is now hunting tax cheats in South Africa

South Africans took a sizeable bite of SpaceX after historic IPO

The Pan African DataCentres event opens next week

Flagship broadband programme in South Africa stalled

Subscribe to the newsletter

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion