Are local companies complacent about cyber-attacks?

June 28th, 2016, Published in Articles: EE Publishers, Articles: EngineerIT


Recent research carried out by VMWare shows that  almost half (49%) of South African IT decision makers interviewed  believe their organisations are vulnerable to a cyber-attack, and almost a fifth (16 %) expect a serious cyber attack to hit their organisation in the next few days. They also rated cyber security amongst the top three business imperatives, yet their cyber security budgets are declining. This begs the question as to how serious local IT decision makers are about securing their IT infrastructure.

Gareth James (VMWare), Arthur Goldstuck ( Word Wide Worx) and Matthew Kibby (VMWare) at the VMWare Cyber security briefing.

Gareth James, VMWare; Arthur Goldstuck ,Word Wide Worx and Matthew Kibby, VMWare at the company’s cyber security briefing.

Recent findings from VMware indicate that over a third (35%) of IT decision makers (ITDMs) across South Africa believe C-Level executives or the board should be held accountable for a significant data breach. However, almost a fifth (16%) of ITDMs do not believe their board or C-Suite gives sufficient attention to cyber security issues. Astoundingly, 52% of respondents stated that there either is no plan within their overall business strategy for addressing a security breach, or that only a small part of their organisation is aware of there being one.

The research was conducted by World Wide Worx, which polled 103 IT decision makers in companies with 500+ employees in South Africa through telephone interviews held during April 2016.

Businesses are coming under increasing threat from serious cyber-attacks. With the complexities of an increasingly digital business world, current security methods may not be keeping pace. In fact, when given a series of potential vulnerabilities that may leave their organisation vulnerable to a cyber attack and asked to rank them on a scale of one to five, lack of budget and employees who are careless or untrained in cyber security ranked as one of the highest forms of threat (both at almost three out of five), topped by outdated software and systems security solutions (at 3,4 out of 5). South African IT decision makers say that funding will be reduced across security, including mobile security (23%), threat monitoring (18%) and encryption (24%).

Additional research conducted by the Economist Intelligence Unit earlier this year revealed that just 8% of EMEA corporate leaders consider cyber security a priority for their business. As cyber-attacks intensify and become more damaging for organisations, including the loss of intellectual property, competitive positioning and customer data, the potential impact of this disconnect to performance and brand is significant.

According to Matthew Kibby of VMware Sub-Saharan Africa, the issue around accountability is symptomatic of the underlying challenges facing business as they seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats. He said that today’s most successful organisations can move and respond speedily,  as well as safeguard their brand and customer trust. “With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approaches which are increasingly less able to protect the digital businesses of today,” he said.

Research also reveals the steps employees are willing to take to increase productivity. According to ITDMs, almost a half (47%) of employees are allowed to use their mobile device to access corporate data, and 42% are aware that their employee’s mobile devices have been hacked.

“With the vast amount of data available on information security threats, there is no excuse for ignorance or inactivity,” says Arthur Goldstuck, of World Wide Worx. “At the very least, any sizeable company should have a set of security measures, protocols and responses that is as much part of the company’s DNA as is its marketing strategy or legal compliance policy.”

“Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business. Smart organisations enable, do not restrict their employees, allowing them to thrive, as well as adapt processes and transform operations to succeed. Forward thinking organisations understand that reactive security is no longer a suitable method for protecting applications and data,” said Kibby. “By taking a software-defined approach to IT that embeds security into the applications and network, these businesses have gained the flexibility required to both secure and succeed as a digital business.”

Send your comments to

Related Articles

  • Picture Gallery 1: Nedbank/ EE Publishers seminar on Gas sector in SA
  • Picture Gallery 2: Nedbank/ EE Publishers seminar on Gas sector in SA
  • Energy limitation for peace of mind: Safe devices for Zone 0
  • ITU Telecom World 2019 highlights tech innovations improving lives
  • Spectrum sharing opportunities for 5G and beyond