For many organisations, a cyber-attack is viewed as a technical problem, something for IT to manage. The reality is far more serious.
A cyber incident can quickly become a financial, operational and reputational crisis. Research suggests JSE-listed companies could lose as much as 30% of their share value following a major breach. And the threat environment is intensifying; according to Check Point Research, South African organisations faced an average of 2 145 cyber-attacks per week in early 2025, a 36% year-on-year increase, slightly above the global average.
The victims are not obscure targets. MTN, South African Airways, Cell C, Land Bank, National Treasury and SARS have all faced incidents in recent years. No organisation is immune.
The Cost of Delay
The single most critical factor in determining financial impact is how quickly an incident is identified and contained. Slow response creates a cascading effect: prolonged downtime, lost revenue, regulatory exposure, eroded customer trust and expensive forensic recovery. In sectors like finance, telecoms and government, the reputational damage alone can be long-lasting.
The numbers are sobering. South African organisations take an average of 227 days to identify and contain a breach, and globally, 65% of organisations have not fully recovered within 100 days. The problem is a “time to context” gap: attackers can compromise systems within hours, while security teams spend days piecing together what happened across disconnected logs and platforms.
The Compliance Burden
South Africa’s regulatory environment adds further pressure. Under POPIA, organisations must notify the Information Regulator and affected individuals as soon as reasonably possible after identifying a breach, detailing what was compromised, the potential impact, and steps taken to contain and prevent recurrence.
At the end of the 2024/25 financial year, 2 374 security compromise incidents were reported to the Information Regulator, with estimates suggesting this could approach 2 500 in the current period. For already-stretched security teams, the administrative weight of compliance can compound an already difficult situation.
Closing the Gap with AI
Artificial intelligence is becoming a critical tool in improving response times. Modern security platforms can analyse behavioural patterns, identify anomalies and correlate data across multiple systems in minutes rather than days. In South Africa, 78% of organisations now deploy AI-assisted security tools, a shift that significantly improves both visibility and speed of response.
Resilience, Not Just Compliance
Despite the rising threat landscape, fewer organisations globally plan to increase cybersecurity investment after experiencing a breach, a sign that many still treat security as a compliance exercise rather than a resilience strategy.
That distinction matters. Effective cyber resilience requires early threat detection, rapid incident response, structured recovery planning and board-level governance. Without these, a manageable incident can escalate into a corporate crisis.
In today’s environment, the difference between the two often comes down to one thing: how fast an organisation can respond.
