Use this button to switch between dark and light mode.

Outpacing Cyber Threats

Cybersecurity threats are on the rise, and organisations are on the back foot. This emerged at our latest LexisNexis webinar, which unpacked cybersecurity management strategies for more resilient organisations.

 Panellists,  cybersecurity, Risk & GRC Consultant Taahir Haffejee and Bheki Gutshwa, President of the Institute of Risk Management South Africa, painted a worrying  picture of our current cybersecurity landscape. However, our experts emphasised that with the proper risk management strategies, organisations can build resilience and confidently tackle threats.

“A 2023 report indicates that there has been a 76% increase in cyber-attacks on businesses in South Africa and neighbouring countries like Kenya and Zambia,” said Haffejee. He added that 82% of South African companies have experienced at least one cyber breach in the last two years and despite this, only 67% of businesses use some sort of end-point protection against cyber threats.

Gutshwa pointed to the prevalence of these threats globally referencing the Allianz Risk Barometer which named cyber events the top risk of 2024.

Despite the substantial threat to business continuity and the broader economy, many organisations are still failing to act with the urgency required.

There are numerous hurdles stalling action, including a lack of communication between the executives, risk managers, and IT departments, the cost of implementing adequate measures, and outdated methods of dealing with rapidly evolving threats. “Communication around these threats involves collaboration across departments and giving risk managers a platform to push cybersecurity to the top of the corporate agenda,” said Gutshwa. However, panellists agree that the most crucial of these hurdles is adopting a reactive approach rather than a proactive one.

Haffejee provided actionable steps for organisations to use to ensure they are fully prepared and protected against future attacks, emphasising that these steps should always be tailored to the organisation’s specific needs, and it is not a “one size fits all” approach.

 

The process begins with understanding the threat landscape said Haffejee explaining that organisations must conduct thorough assessments of potential cyber threats, including the tactics, techniques, and procedures (TTPs) employed by attackers. This foundational knowledge helps tailor security measures to address specific vulnerabilities and high-risk areas.

The next step is implementing risk assessment frameworks such as NIST or ISO 27001 to systematically evaluate and prioritise risks based on their likelihood and potential impact. This structured approach ensures that risk management efforts are consistent and thorough, laying the foundation for the next step, effective prioritisation of risk mitigation strategies. These strategies should focus resources on the most significant risks identified during assessments.

Following the prioritisation of risks, organisations must establish governance and oversight by creating a clear structure that includes appointing risk owners and oversight committees to ensure accountability in risk management processes. Implementing a threat intelligence program is essential for collecting and analysing emerging threats, enabling proactive defence strategies.

To ensure that they are keeping up with evolving threats, organisations should commit to regularly testing and updating security measures through vulnerability assessments and penetration testing to strengthen defences. Developing robust incident response plans is critical for minimising the impact of security breaches and ensuring a swift and coordinated response during incidents. Finally, fostering a security-first culture by engaging employees in security awareness and training programs empowers them to function as the first line of defence, encouraging proactive behaviour and adherence to security protocols.

Gutshwa referenced the value of these steps in a holistic risk management approach but advised organisations to not go about it alone, calling on specialists for support in areas where internal expertise may be lacking. LexisNexis is a trusted partner in cybersecurity risk management, providing a comprehensive Governance, Risk, and Compliance (GRC) solution that helps organisations proactively mitigate risks. This robust platform integrates corporate governance and risk management, enabling effective handling of both enterprise and regulatory risks, including compliance with data protection regulations like POPIA and GDPR.

In line with our panellists’ recommendations, this solution can be customised, allowing organisations to tailor their risk management frameworks to meet specific operational needs. By leveraging LexisNexis' extensive legal database and expert consultants, businesses can enhance their cybersecurity measures, ensuring they are effective and resilient against cyber threats. This proactive strategy not only protects sensitive data but also strengthens organisational integrity and compliance, fostering greater trust with clients and stakeholders.

The GRC solution from LexisNexis equips organisations with the tools they need to navigate the complexities of risk management in today's digital landscape. There is a lot at risk without adequate cybersecurity measures in place but with the right tools, strategies, and guidance, organisations can navigate volatility and remain resilient.

Contact Us


Telephone number: +27 (0) 860 765 432

I consent to being kept updated about related products, services and events.


LexisNexis South Africa and our LexisNexis Legal & Professional group of companies which are part of the RELX Group will use your personal information to administer your account and/or provide the products and services that you have requested from us. We may contact you in your professional capacity with information about our other products, services and events that we believe may be of interest. You’ll be able to update your communication preferences any time via the unsubscribe link provided within our communication or you can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our Privacy Policy.