In a year already marked by geopolitical upheaval, the never-ceasing spectre of cybercrime, and the rapid rise of AI, for good and bad, organisations across South Africa are being forced to confront a stark reality: the digital world is becoming more volatile than ever.

Against this backdrop, industry experts are calling for deeper intelligence, sharper preparedness, and a far more proactive approach to cybersecurity. It was in this atmosphere of transformation that TechSmart was invited to attend the recent CyberX summit held in Sandton. There, I had the opportunity to sit down with Robert Swanepoel, the technical expert for Kaspersky in South Africa, to explore the need for companies to invest in cybersecurity in 2026.

This imperative is further being highlighted by the shift from web-based attacks to more advanced persistent threats, as well as AI playing a growing role in both cybersecurity and cybercrime.

Interestingly, the interview happened due to an unforeseen change in the CyberX lineup, as Kaspersky’s other expert was unable to attend due to grounding of flights in the wake of the war on Iran. It also begged the question: What is the impact of unexpected geopolitical changes on cybersecurity, and how can companies ready themselves for unforeseen disruptions?

Swanepoel explained that geopolitical changes have made cyberattacks an unavoidable extension of modern conflict. He added that attacks are no longer limited to criminal syndicates driven by financial gain; state‑linked actors are increasingly using cyber tools for espionage, disruption and strategic advantage.

He pointed to recent international news coverage that highlighted the deployment of cyberattacks alongside physical military action. “Cyberattacks are not just from a crime perspective. We’re seeing drones being deployed, and much the same, organisations now have to worry not only about cybercrime, but also about attacks from a nation‑state point of view.”

For businesses, this means the line between “unforeseen” and “foreseen” risks is narrowing. Threats previously thought unlikely are now part of a predictable pattern of escalation.  The only defence, he argues, is intelligence: “We need to turn the unforeseen into foreseen or predictable, and the only way to do that is with insights and intelligence.”

Threat intelligence, conference participation, industry collaboration, and continuous learning are increasingly non‑negotiable for organisations hoping to stay ahead of evolving threats. Hearteningly though, and judging by the participation level at the CyberX summit, there are companies and government sectors that are aware of this need.

The Target on our Back

Unfortunately, neither South Africa nor Africa are immune from the threat of cyberattacks, any more than they are cybercrime. In fact, Swanepoel noted that Africa is now the third most targeted region in the world for cyberattacks — a staggering statistic when compared to the continent’s relatively small number of internet users. Swanepoel added that South Africa, with its comparatively advanced financial services sector and large digital economy, stands out as a premium target.

“We’re as targeted as anyone else, on a per‑capita basis. Financial institutions, large enterprises, and critical infrastructure entities often serve as appealing targets due to the combination of high operational value and uneven defensive maturity,’’ he said.

A significant concern is the shift toward advanced persistent threats (APTs) — long‑term, stealthy intrusions often carried out by well‑resourced actors. As South Africa’s defensive maturity lags behind that of more digitally mature nations, attackers see fertile ground for more complex, sustained operations.

“We need to make ourselves less of an attractive target,” he emphasised. “Improving defences is the only way.”

Companies under threat

Despite rising global urgency, many companies remain slow to strengthen their cybersecurity posture. While some organisations respond quickly to international incidents by assessing their own exposure, others continue with a “business as usual” mindset.

“I would like to say companies are doing what they can. However, I’ve had conversations with companies who say they’re comfortable with what they’re doing,” he noted. “There’s still that ostrich‑head‑in‑the‑sand mentality: ‘I haven’t been breached, so I don’t see the problem.’ Often the reality is they have been breached — they just don’t know it.”

That being said, cost remains a major factor. Organisations assume that robust cybersecurity requires 24/7 in‑house security operations centres (SOCs), which can be expensive and resource‑intensive. But he argues that misconceptions play a huge role: alternatives such as managed detection and response (MDR) services offer increasingly sophisticated protection without requiring internal teams. Additionally, one fact remains: it is still easier to prevent an attack than to try recover from one.

But this is also exacerbated by the fact that cyberattacks continue adapting. As companies strengthen defences in one area, threat actors quickly pivot to another. For this reason, security cannot be viewed as a finish line. “It’s about getting better, not perfect. It’s a never‑ending target,” he noted.

Economic Pressure and the Temptation of Cybercrime

As unemployment rises and financial hardship deepens in South Africa, the fact that cybercrime is proliferating, and often run as a business – and a profitable one at that – begs a contentious question: why wouldn’t more people turn to cybercrime?

Swanepoel conceded that cybercrime becomes easier to rationalize for some. Fraudulent “remote job offers”, access to malware‑as‑a‑service, and the faceless nature of internet crime create a risky but often tempting mix.

A recent LinkedIn poll highlighted this worrying trend: a significant portion of respondents said they would consider a lucrative job opportunity even if it turned out to be linked to the dark web.

“With people under strain, and cybercrime feeling faceless, it becomes easier to justify,” Swanepoel warned. The rise of low‑cost malware‑as‑a‑service platforms and simple attack kits further lowers the barrier to entry. Even novice attackers can now execute ransomware and phishing campaigns with minimal technical skill.

Compounding the issue, AI is accelerating both capability and scale. “Everything becomes easier with automation, from coding and research and reconnaissance,” he explained. What used to require expertise can now be executed through user‑friendly tools powered by increasingly powerful AI systems.

To my mind, this means that cybercrime is becoming even more of an ethical, moral issue than ever.

Could Cybersecurity Fill South Africa’s Skills Gap?

However, with that there is a potential and possibility for those seeking an industry that is only becoming more relevant, to participate. Ironically, the same cybersecurity field facing an overwhelming demand for skilled professionals is operating within a national context marked by massive unemployment. This mismatch creates a major opportunity — if it can be tapped.

“One of our biggest challenges is the lack of cyber skills,” continued Swanepoel. Breaking into cybersecurity roles has traditionally required specialized training and certification, but he believes more can be done to lower barriers and create structured entry‑level pathways.

Cybersecurity roles also come with strong global demand. South African professionals are frequently recruited into international positions because of their high capability and favourable exchange‑rate‑driven hiring costs.

“Investing in cybersecurity skills not only helps the local market, but positions South Africans for opportunities in the global space,” he added. Government policy and industry‑academia partnerships could play a major role in scaling this pipeline.

The AI Quandary

It is no secret that AI is upending many industries, and likely, will disrupt more. For example, the call‑centre industry — a major employer in South Africa — faces significant disruption from advances in conversational AI. Tools capable of handling natural, human‑like dialogue are already performing tasks traditionally carried out by call‑centre agents.

Swanepoel related that a vivid example came from a live demonstration of an AI system booking a travel itinerary over a phone call. “If you hadn’t been told it was AI, you might not have noticed,” he noted.

This raises a critical question: as AI automates large swathes of call‑centre work, will displaced workers be reskilled into cybersecurity roles? The transition is far from straightforward.

Even within cybersecurity, the impact of automation is complicated. Many tier‑one analyst tasks, such as routine monitoring, alert triage, and basic investigations, are increasingly being automated. This raises concerns about how analysts will gain the experience necessary to progress to more senior, complex roles.

“It’s about finding a balance,” he says. “AI should alleviate workloads, not replace entire layers of human expertise,” stressed Swanepoel.

It also comes down to value. It seems to me that in the same way that reading, writing and arithmetic where valued in the previous century, and digital literacy is so in this one, an argument could be made that cybersecurity literacy could be, should be, more valued by companies in their employees in this one. It is well achnowledged that within organisations, from a security point of view, people are the weakest link. It would make sense, therefore, to offer incentives to employees to improve their cybersecurity literacy and cyberhygiene, perhaps with bonuses or salary increases. This would add a stronger layer of human-driven cybersecurity to the organisation, and become a transferable skill in its own right.    

The Bottom Line

Beyond technology and threat vectors, this is ultimately a story about people: the workers displaced by automation, the under‑resourced teams racing to defend their organisations, the people in cybersecurity companies battling with cybercriminals, and the citizens who rely on digital systems every day.

I walked away from my interview with Robert with the sense that cybersecurity is no longer just a specialist discipline, it is increasingly a societal responsibility.