Cybersecurity threats present a significant challenge across the African continent, impacting various sectors and regions. As Africa undergoes rapid digital transformation, cyberthreats such as ransomware, business e-mail compromise (BEC) and malware are on the rise, disrupting essential services across nearly every industry.

This increase is driven by the continent’s expanding digital footprint, fuelled by fintech innovation and e-government services. As a result, African organisations have become increasingly attractive targets for cybercriminals. At the same time, challenges persist around cloud security, insider threats and the protection of critical infrastructure. While efforts to bolster cyber resilience and strengthen law enforcement capabilities are underway, the need for a comprehensive cybersecurity culture has never been more urgent.

A commonly overlooked yet vital element of cyber resilience is people. Employees at every level can either strengthen or weaken an organisation’s defences. To explore this further, TechCentral and Velocity Technology Group convened a select group of industry experts – including CIOs, CISOs, and heads of ESG, GRC, legal and HR – to unpack the role of organisational culture in developing cyber resilience, from leadership to the operational front line.

Lessons from the past

The conversation began with a reflection on the 2013 Target breach – an incident later labelled as the industry’s wake-up call. Despite having numerous security controls in place, Target’s vulnerabilities were exploited, exposing a critical gap: its people. From board members and executives to frontline staff, the human element proved pivotal.

Delegates agreed that cultivating a cyber-resilient culture requires a holistic approach. This begins with leadership, where tone and commitment must be set from the top and communicated clearly throughout the organisation. Everyone must understand their role in safeguarding the organisation against cyberthreats.

A lively debate followed regarding where people-enablement efforts should be focused. Some questioned whether board-level and C-suite executives truly understood cybersecurity risk and whether they were allocating sufficient resources to secure the broader workforce. While many organisations are indeed investing in cyber resilience, there is still considerable work to be done in building a truly end-to-end cyber-resilient workforce.

Scaling human firewalls

Beyond basic phishing simulations, how are organisations transforming employees into proactive cyber sensors? How can leadership drive this shift through measurable cultural change?

Many delegates highlighted the need to move beyond traditional awareness training and towards comprehensive human defence programmes. Key points shared included:

Retaining security awareness and simulation as foundational elements;
Leaders setting the tone by modelling secure behaviour;
Establishing behavioural norms, such as using strong passwords and reporting suspicious activity;
Promoting open communication around cybersecurity policies, incidents and expectations; and
Ensuring all employees understand their responsibilities and are held accountable.

By embedding cybersecurity into day-to-day culture, organisations can create an environment of shared responsibility, significantly reducing breach risks and boosting overall resilience.

Risk appetite vs innovation pace

How do organisations balance the pace of digital innovation with the board’s stated cyber-risk appetite? Which governance measures help keep this balance transparent?

Delegates acknowledged that rapid innovation is vital for competitiveness, but it inevitably introduces cybersecurity risk. They shared the following best practices to align innovation with robust security:

Prioritise security from the outset: Embed security into the earliest planning stages of projects. Conduct initial risk assessments to proactively identify vulnerabilities.
Adopt DevSecOps practices: Integrate security into DevOps processes to create a culture of shared responsibility. Automate security testing and continuously monitor for issues.
Implement secure coding practices: Train developers on secure coding methods – such as input validation and encryption – and conduct regular code reviews to spot risks early.
Foster a security-first culture: Promote security as a core value across development teams and reward proactive cybersecurity behaviours.

Conclusion

Delegates concluded that building a cyber-resilient culture means making security a shared, everyday responsibility. Leadership must be active and visible in setting expectations, while human defence strategies must evolve beyond traditional training. Recognising and rewarding good cybersecurity behaviour reinforces positive habits and helps embed a lasting culture of resilience.

TechCentral and Velocity Technology Group thank all participants for their valuable contributions to this critical discussion.

Read more articles by Velocity Technology Group on TechCentral
This promoted content was paid for by the party concerned

Follow TechCentral on Google News Add TechCentral as your preferred source on Google

FirstRand ups stake in Optasia in R1.5-billion deal

Remgro’s fibre empire roars back

Truecaller cooperating with Info Regulator’s Popia probe

Why Namibia slammed the door on Starlink

Podcasters push back against regulatory overreach

It’s official: ads are coming to ChatGPT

Mystery Chinese AI model revealed to be Xiaomi’s

A mystery AI model has developers buzzing

Samsung’s trifold gamble ends in retreat

Nvidia targets $1-trillion in AI chip sales as inference demand surges

The last generation of coders

Sentech is in dire straits

How liberalisation is rewiring South Africa’s power sector

The top-performing South African tech shares of 2025

Digital authoritarianism grows as African states normalise internet blackouts

Meet the CIO | Healthbridge CTO Anton Fatti on the future of digital health

TCS+ | Arctic Wolf unpacks the evolving threat landscape for SA businesses

TCS+ | Vox Kiwi: a wireless solution promising a fibre-like experience

TCS+ | Flipping the narrative on AI in the Global South

TCS | Sink or swim? Antony Makins on how AI is rewriting the rules of work

South Africa’s energy future hinges on getting wheeling right

Apple just dropped a bomb on the Windows world

VC’s centre of gravity is shifting – and South Africa is in the frame

Hold the doom: the case for a South African comeback

The AI fraud crisis your bank is not ready for

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion

Defend your cloud with Altron Digital Business

Why most Cisco partners leave money on the table at renewal time

Why South Africa’s technology leaders choose TechCentral

South Africa’s energy future hinges on getting wheeling right

Apple just dropped a bomb on the Windows world

VC’s centre of gravity is shifting – and South Africa is in the frame

Defend your cloud with Altron Digital Business

FirstRand ups stake in Optasia in R1.5-billion deal

Remgro’s fibre empire roars back

Truecaller cooperating with Info Regulator’s Popia probe

Subscribe to the newsletter

Building a cyber-resilient culture from the boardroom to the front lines

Lessons from the past

Scaling human firewalls

Risk appetite vs innovation pace

Conclusion