In the last two years, the rapid advancement of artificial intelligence and machine learning has reshaped the global cybersecurity landscape. Threat actors can now carry out highly sophisticated attacks with minimal skill and effort, aided by AI-powered tools.

This evolution has pushed South African businesses to rethink their cybersecurity approach. Both business leaders and employees play a critical role in defending against cyberthreats, often without fully realising the extent of their responsibility.

The stakes are particularly high in South Africa, where cybercrime is expected to cost the economy R2.2-billion annually. With cyber risk reaching unprecedented levels, reducing human risk in 2025 will be critical for entities trying to build resilience.

This means fuelling a strong security culture through ongoing employee training. Although cultivating this mindset takes time – particularly for large, decentralised teams – improving cybersecurity awareness is achievable for anyone, regardless of their technical background.

The AI-driven cyber arms race

Cybersecurity has historically been a game of cat and mouse, with defenders racing to patch vulnerabilities and block emerging threats. However, the introduction of AI-powered cyberattacks has redefined this arms race, upping the ante for local companies.

Today, malicious actors and defenders rely on machine learning models – whether to craft sophisticated phishing campaigns or power advanced security platforms. The gap between attackers and defenders has narrowed dangerously, largely because malefactors are not constrained by rules or regulations when developing offensive technologies.

In South Africa, AI-enabled scams have become more prevalent, with local businesses reporting a rise in attacks involving deepfake technology and automated social engineering. Towards the end of 2023, a well-known South African news presenter became the target of bogus news stories and fake advertisements, where “she” appeared to endorse products or promote get-rich-quick schemes. Soon, she fell victim to deepfaking, a practice that uses AI to manipulate images, video, and audio.

What’s more alarming is that creating deepfakes no longer requires advanced technical skills – freely available software like FaceSwap and ZaoApp makes it accessible to virtually anyone.

These tactics exploit trust, a vital component of any organisation. For example, social engineering attacks like the massive MGM Casino and MOVEit breaches in 2023 illustrate how human reconnaissance combined with technical exploits can cause significant damage. Locally, the high rate of phishing attacks in South Africa highlights the vulnerability of employees – even senior leaders – to social engineering.

People: the Achilles heel in cybersecurity

While technology plays a key role in combating cyberthreats, human error remains a major vulnerability. Research by Arctic Wolf indicates that nearly two-thirds of IT executives globally have fallen victim to phishing, underscoring that this is not just a problem for new employees – it’s also a leadership issue. In South Africa, common human errors such as reusing credentials, bypassing multifactor authentication (MFA) and clicking on malicious links place firms at considerable risk.

The key to mitigating human risk lies in creating a culture where cybersecurity is everyone’s responsibility. People are highly susceptible to having their natural biases exploited, so employees must feel comfortable reporting suspicious activity and know exactly how to respond to potential threats. South African entities, often targeted due to their growing digital footprint, must put security awareness training tailored to their specific risk environment at the top priority list.

Bridging the disconnect between confidence and preparedness

Despite the rise in cyberattacks, many organisations overestimate their preparedness. For instance, although 64% of IT leaders have clicked on a phishing link, 80% reported that they were “confident” their company wouldn’t fall for a phishing attack.

This is a massive disconnect that South African businesses must address by implementing mandatory security measures, such as MFA, password managers and virtual private networks. These tools provide an added layer of protection but must be coupled with regular training to ensure employees understand their importance.

South Africa’s path to cyber resilience

In addition to technological defences, South African organisations should strengthen their cybersecurity posture by:

Enhancing reporting mechanisms: Staff members must know how to report suspicious activity and verify identities when interacting with colleagues or third parties.
Adopting zero-trust models: A zero-trust approach sees that all users, inside or outside the network, are continuously verified before being granted access.
Implementing regular simulations: Phishing simulations and tabletop exercises can help entities identify vulnerabilities and improve response times.
Building trust: A foundation of trust between employees and leadership is critical. Workers should feel empowered to voice security concerns without fear of reprisal, as quick action is vital to containing threats.

South Africa’s cybercrime landscape also requires firms to address local challenges, such as limited access to cybersecurity resources in small and medium-sized enterprises and the rise of shadow AI, or unsanctioned tools that increase a business’s attack surface. Local firms can boost their resilience in an increasingly hostile cyber environment by prioritising a cohesive cybersecurity strategy that covers technological and human vulnerabilities.

The harsh reality is that in 2025, cyber risk will only continue to grow, particularly in regions where the digital transformation is outpacing security investments. From background checks to phishing defences, the opportunities for bad actors to exploit gaps in human and technical defences are plentiful.

For organisations to stay one step ahead of their adversaries, they must ensure that every individual – from entry-level employees to the C-suite – understands their role in maintaining cybersecurity.