More than 70% of South African businesses lack basic cybersecurity awareness, according to a recent Fortinet report, leaving them vulnerable to increasingly sophisticated digital threats. This gap in security preparedness is not just an IT concern but a structural weakness that cybercriminals are actively exploiting.
Doros Hadjizenonos, Regional Director at Fortinet, points to a fundamental misunderstanding of the problem. “Awareness alone is not enough,” he says. “Employees need the tools and training to recognise and respond to real threats. Otherwise, businesses are leaving themselves exposed.”
Smaller companies, often perceived as unlikely targets, are particularly vulnerable. Many serve as digital gateways to larger organisations, and attackers exploit this connectivity. In some cases, cybercriminals have breached corporate networks through third-party service providers with minimal security controls.
AI-driven attacks are also making defensive strategies more difficult to implement. According to Fortinet’s research, 46% of businesses expect their employees to fall for more cyberattacks as artificial intelligence enhances social engineering tactics. Once-easy-to-spot phishing emails, riddled with errors, now appear almost indistinguishable from legitimate messages.
Despite this, 58% of South African companies are not using AI-driven cybersecurity tools to counteract these evolving threats. Many still rely on outdated security measures, unable to keep pace with attackers who are using machine learning to refine their deception techniques.
Yet, the solution is within reach. Fortinet’s findings show that 70% of companies that introduced structured cybersecurity training reported a measurable improvement in security. However, limited budgets (34%) and personnel shortages (36%) remain obstacles to broader implementation.
“The financial argument is clear,” Hadjizenonos says. “The cost of a breach — in lost revenue, legal penalties, and reputational damage—far exceeds the cost of proactive training. Cybersecurity should be seen as an investment, not an expense.”
Leadership plays a decisive role in addressing these vulnerabilities. Fortinet’s research shows that IT leaders (72%), CEOs (68%), and security heads (52%) are the primary drivers of awareness initiatives. While many South African companies now conduct monthly cybersecurity training — surpassing the global average — most still allocate fewer training hours per year than international counterparts.
To close this gap, Fortinet has introduced a free online cybersecurity training course designed to help employees identify and respond to threats. But Hadjizenonos cautions that training alone is not enough. “Cybersecurity needs to be embedded in a company’s culture, with leadership fully engaged. This is not a box-ticking exercise; it’s an ongoing process that needs reinforcement.”
For South African businesses, the challenge is no longer just about recognising the threat — it is about acting on it before the cost becomes insurmountable. throughout our economic future for years to come.”