In 2025, more than 360 000 South African user accounts have been exposed through data breaches, highlighting just how widespread digital risk has become. That number does not include the unreported, the unnoticed, or the ones still in progress. It is only what we know.

At the same time, recent research shows that local organisations are becoming more resilient. According to IBM’s 2025 Cost of a Data Breach Report, South Africa’s average breach cost has dropped by 17 percent this year, largely due to better detection and faster response powered by AI-enabled security tools.

So where does that leave us?

Somewhere in the middle. More prepared than we were last year but still facing the kind of attacks that technology alone cannot block.

September’s global incidents made that point clear.

Harrods Breach Exposes Third-Party Risk

In mid-September, Harrods confirmed a data breach affecting over 430 000 customer records. The breach was linked to a third-party email marketing supplier and included names, contact details, and purchase histories. The attackers made direct contact with customers, referencing their recent Harrods purchases to establish trust.

This incident is important because it had nothing to do with system failure inside Harrods. It came from a vendor. It was precise, well-timed, and believable. It shows how attackers are focusing less on breaking down doors and more on entering through trusted channels.

For South African businesses, many of which rely heavily on vendors, external developers, and shared cloud tools, the lesson is clear. Your security posture is only as strong as your weakest partner.

Jaguar Land Rover Hit by Disruptive Breach

Earlier in the month, Jaguar Land Rover experienced a cyber incident that severely impacted production systems. While the details are still emerging, reports suggest that production lines in multiple factories were halted while teams scrambled to investigate the cause and restore operations.

This was not just a data issue. It was a business continuity issue. A reminder that cyber threats now live inside operational technology, not just IT networks. The South African market is increasingly reliant on digitally integrated supply chains. Manufacturing, energy, logistics, and government infrastructure all face the same risk. Once systems are interrupted, recovery is not just a technical challenge. It becomes a revenue problem.

Collins Aerospace Confirms Breach of Passenger Systems

Collins Aerospace, a key technology provider in global aviation, confirmed a ransomware attack that targeted its passenger boarding systems. The breach had the potential to affect multiple airports across the United States and Europe. Investigations are still ongoing.

While this was not a direct attack on an airline, the service disruption could have had ripple effects on airport operations, boarding flows, and passenger trust.

The takeaway here is not about the aviation industry. It is about dependency. When a single vendor provides a service that multiple clients rely on, the impact of a breach is multiplied.

This mirrors similar concerns in Africa, where shared platforms and outsourced service providers form the backbone of critical industries.

Shadow AI and Quiet Risk in the Enterprise

We assessed several environments in September, and the trend of unsanctioned AI tool usage continued to grow. Teams are using generative tools to speed up reporting, create client emails, translate documents, and summarise meetings. Often, they do so without realising they are feeding sensitive information into third-party systems outside the organisation’s visibility or control.

Shadow AI is not a future risk. It is a current exposure. It does not always make headlines, but it is reshaping how data flows inside businesses.

Unless policies, awareness, and oversight catch up, this will quietly become one of the biggest attack surfaces in modern enterprises.

What These Incidents Tell Us About Readiness

Each of these cases points to a different lesson. But they all challenge the same assumption that technology alone is enough to stay secure. What matters more is how tools are used, how systems are governed, how third parties are vetted, and how quickly teams respond when assumptions no longer hold.

As we enter Cybersecurity Awareness Month, now is the right time to ask the harder questions.

• What would we do if our supplier was breached tomorrow?
• Do our staff know how to spot engineered emails that reference real transactions?
• Are we still training people for yesterday’s attacks while new ones go unnoticed?
• How many AI tools are already in use across the business without formal approval?

If these questions feel uncomfortable, that is a good sign. Awareness begins where assumptions end.

A Measured Reset Before October Begins

Awareness Month is not about loud campaigns or clever slogans. It is about making space for clarity. That starts with reviewing what this past month revealed and taking action on what it exposed.

If your organisation has not yet paused to reassess its posture based on what we have all witnessed globally, now is the time to do so.

The most secure environments are not always the ones with the most tools. They are the ones asking the right questions early enough to act on the answers.