South African organizations are facing a growing cyber security challenge at a time when artificial intelligence (AI) is accelerating technological change in every sector of the economy. Even before the latest advances in AI, the country was already one of the most targeted cyber environments in Africa. according to industry ResearchLocal organizations experienced a sharp increase in cyberattacks during 2025, while cybercrime continues to impose significant financial and operational costs on businesses, government institutions, and consumers.
At the same time, AI is changing the way cyber threats emerge and evolve. Tasks that once required significant time, specialized skills, and large teams can be performed faster and on a larger scale. For organizations that already have security vulnerabilities, this creates additional pressure to strengthen their cyber resilience. One development that has attracted global attention is Anthropic's latest AI model, Cloud Mythos. Earlier this year, the company announced The model was able to identify hundreds of previously unknown software vulnerabilities in widely used operating systems and browsers, including some that had been unknown for decades.
While this demonstrates the potential of AI as a defensive tool, it also highlights a broader reality. As advanced AI systems become more accessible, organizations will need to prepare for a future where cyber threats can be identified, developed, and implemented much faster than before. For South African businesses, technology is not the only concern. The question is whether the existing security foundation is strong enough to respond to the rapidly changing threat landscape.
Accenture's cybersecurity posture Research found that only 44% of technology leaders in South Africa admit that AI is advancing faster than their organizations' cybersecurity capabilities. Yet assessments conducted across various organizations have revealed security shortcomings that may be difficult to manage as AI capabilities continue to develop.
The security base remains inadequate
Several areas are key, including cloud security. Many digital transformation and AI initiatives rely heavily on cloud environments. Yet research from Accenture found that only 18% of South African organizations have full visibility into their cloud security configuration, while only 6% have approved security baselines. Without strong governance and oversight, cloud platforms can create unnecessary risk exposures.
With respect to data governance, AI systems depend on access to data, making it important for organizations to understand what information they have, where it resides, and how it is protected. However, only 18% of South African organizations have categorized their data according to sensitivity, and only 24% have established clear policies governing AI use. Without these controls, it becomes difficult to manage risk and implement appropriate security measures.
Identity security remains another important area. Modern organizations must manage access to employees, contractors, third parties, applications, and, increasingly, AI agents. Yet only 28% of organizations have adopted a continuous authentication approach to access management, while only 8% implement least-privilege access controls. As the digital ecosystem becomes more complex, identity management is becoming one of the most important components of cybersecurity.
Software development practices also need to be addressed. Only 8% of South African organizations integrate security testing into the software development lifecycle rather than treating it as the last step before deployment. As AI accelerates the discovery of vulnerabilities, it becomes increasingly important to incorporate security from the beginning.
South Africa has already experienced the consequences of major cyber incidents. 2021 cyber attack The state-owned freight forwarder disrupted operations at major ports and supply chains were hit in several parts areas Of economy. This incident demonstrated that cybersecurity is no longer just a technology concern. It has a direct impact on business continuity, economic activity and public confidence.
As AI capabilities continue to mature, the potential impact of cyber incidents may become even more significant. recent reports There are suggestions that AI is already being used to support activities such as vulnerability discovery, reconnaissance and elements of attack planning. While human supervision remains involved, automation is increasing the speed and scale at which these activities can occur.
This puts more emphasis on preparation.
Organizations should ensure that security is considered at the beginning of digital and AI initiatives rather than after deployment. Cloud governance, data management, identity controls, and application security should be part of the planning and implementation processes from the beginning. As AI becomes more embedded in business functions, security can no longer be treated as a separate workstream. It needs to be integrated into decision making right from the start.
At the same time, businesses should explore how AI can strengthen their own defensive capabilities. AI-powered monitoring, threat detection, and vulnerability management tools can help security teams identify risks earlier and respond more effectively. When used responsibly, these capabilities can improve visibility into increasingly complex technology environments and help organizations keep pace with the rapidly evolving threat landscape.
South African organizations have spent years investing in digital capabilities to improve customer experience, foster innovation and support growth. They will continue to create investment opportunities, but they also increase the importance of cyber resilience. As AI becomes more embedded in business operations, organizations that strengthen their security foundations and build resiliency into their digital strategies will be better positioned to realize the benefits of AI as well as manage the risks that accompany it.
By Kgomotso Labelle, Country Managing Director, Accenture South Africa
