By Boland Lithebe, Security Lead for Accenture, Africa

South African businesses are sprinting to embrace generative AI, lured by its potential to drive efficiency, productivity, and innovation. But here’s the stark reality: without a rock-solid cybersecurity foundation, AI will become a Trojan horse, opening the floodgates to sophisticated cyber threats.

The time to act is now. AI is not just changing how businesses operate – it’s transforming the cyber threat landscape at an unprecedented pace. Cybercriminals are already exploiting AI to automate deepfake attacks, craft hyper-realistic phishing scams, and weaponise malware. The question isn’t whether South African businesses will be targeted – it’s when and how prepared they will be when it happens.

As AI adoption accelerates, our digital core – the essential technology infrastructure underpinning business operations – must be fortified. If we fail to secure it, we risk compromising customer data, disrupting supply chains, and eroding trust in South Africa’s digital economy.

For all its promise, generative AI dramatically expands the attack surface. Traditional cybersecurity measures – designed for an era before AI – are struggling to keep up. The same AI capabilities that help businesses innovate can also be harnessed by bad actors to infiltrate systems, manipulate data, and automate cyberattacks at scale.

We have already seen how generative AI enables cybercriminals to:

• Launch ultra-personalised phishing attacks that bypass human scepticism. AI can craft scam emails and messages that mimic real communication styles with uncanny accuracy.
• Automate deepfake fraud to deceive individuals and businesses, with attackers generating fake voice recordings, videos, or even entire conversations.
• Use AI-generated malware to rapidly exploit security weaknesses, bypassing traditional defence mechanisms.

This is no longer a theoretical risk. South Africa’s businesses, financial institutions, and even government systems are at increasing risk of AI-driven attacks. A reactionary approach to cybersecurity is no longer sufficient – we must embed security into every AI-powered system from the ground up.

If South African enterprises are serious about harnessing AI’s potential without jeopardising their security, they must take deliberate, proactive steps to secure their digital core. Just as cybercriminals are using AI to attack, businesses must use AI to defend. AI-driven security tools can detect, analyse, and neutralise threats in real time, outpacing traditional threat detection methods. Machine learning models can identify anomalies, stopping breaches before they escalate.

The days of assuming network safety are over. A zero-trust security model, which verifies every user, device, and AI-driven process before granting access, must become the new standard. Organisations must continuously authenticate and validate all users, even those inside the network.

AI systems rely on vast amounts of sensitive data, making robust data governance essential. This means securing cloud environments, enforcing strict encryption standards, and ensuring compliance with global and local data protection regulations such as South Africa’s Protection of Personal Information Act (POPIA).

AI systems must be evaluated for vulnerabilities before deployment. Businesses must adopt a framework for AI model risk management, ensuring that AI-generated outputs are accurate, unbiased, and resistant to manipulation. AI security audits should become standard practice.

Cybersecurity is no longer just an IT issue – it’s a business survival issue. Boards and executives must integrate cyber resilience into corporate strategy, ensuring that security investments match the scale of AI-driven digital transformation. Without board-level buy-in, cybersecurity initiatives will remain underfunded and reactive.

Failing to secure AI systems is not just a technology risk – it’s a business risk. Companies that neglect cybersecurity will face:

• Reputational damage from data breaches and AI-driven fraud.
• Regulatory penalties for failing to protect customer information.
• Operational disruptions caused by ransomware and AI-enabled attacks.
• Loss of competitive edge, as consumers and partners favour businesses that prioritise data security.

South Africa’s digital economy is at an inflection point. If we fail to secure our AI infrastructure, we won’t just lose data – we’ll lose trust, competitiveness, and economic momentum.

South Africa has an opportunity to lead in AI-driven transformation, but only if security is a non-negotiable part of that journey. We must act decisively, investing in AI-driven cybersecurity solutions, regulatory frameworks, and a culture of cyber resilience.