TCS+ | Why cybersecurity is becoming a competitive advantage for SA businesses
Loading player...
Cybersecurity is undergoing a quiet but important shift in South African boardrooms: from a defensive cost centre to a strategic business enabler. That was the central theme of a recent TechCentral TCS+ podcast discussion featuring Vodacom Business acting executive head for cloud security Lukhanyo Zahela and KnowBe4 Africa senior vice-president for content strategy Anna Collard.
Once seen primarily as an IT problem, cybersecurity is now recognised as a material business risk with direct financial, operational and reputational consequences. But the discussion made clear that security, done well, can also signal organisational maturity to regulators, investors and partners – and increasingly, become a source of competitive advantage.
Collard likened strong security controls to having “good brakes on a fast car”. Without them, businesses cannot safely deploy emerging technologies such as artificial intelligence or scale digital platforms with confidence. Availability and resilience, she argued, are foundational: “Businesses are in business to stay in business.”
That foundation is under growing pressure. Zahela said South Africa’s threat landscape is evolving rapidly, driven by a criminal ecosystem that is itself adopting automation and AI. Phishing attacks have become far more convincing, while ransomware continues to disrupt cloud migrations, often exploiting misconfigured environments rushed into production.
Defenders, however, are also using AI. Vodacom Business has integrated AI-driven detection and response into its managed security services, reducing the time taken to detect and respond to threats from hours to minutes, or even seconds. Crucially, these systems are adaptive, learning continuously from global threat intelligence rather than relying on static rules.
Despite advances in automation, human behaviour remains central to security outcomes. Many breaches still involve simple mistakes. Collard argued that well-trained employees can act as an extension of the security function, providing judgment and context that AI cannot. The challenge is that organisations must now secure not only people, but also the AI tools and agents they use – all of which can themselves be manipulated.
This requires what Collard described as “digital mindfulness”: a security-aware culture led from the top. Executives must model good behaviour, while organisations adopt zero-trust principles that continuously verify identity and access rights across employees, partners and devices, enforcing least-privilege access by default.
To turn security into an enabler rather than a blocker, it must be embedded from the start. “Security by design” – integrating safeguards into systems, processes and digital initiatives upfront – avoids costly retrofits later and allows innovation to move faster with clearer risk boundaries.
The payoff can be tangible. A strong security posture can reduce cyber-insurance costs, improve business continuity and prevent expensive operational disruptions. More broadly, trust built through resilience and good governance can attract customers, partners and investors.
The key message for business leaders, the speakers agreed, is to stop treating security as reactive. The more powerful question is no longer, “How do we protect what we have?”, but rather, “How does security enable us to do what we couldn’t do before?”
Don’t miss this important conversation!
Once seen primarily as an IT problem, cybersecurity is now recognised as a material business risk with direct financial, operational and reputational consequences. But the discussion made clear that security, done well, can also signal organisational maturity to regulators, investors and partners – and increasingly, become a source of competitive advantage.
Collard likened strong security controls to having “good brakes on a fast car”. Without them, businesses cannot safely deploy emerging technologies such as artificial intelligence or scale digital platforms with confidence. Availability and resilience, she argued, are foundational: “Businesses are in business to stay in business.”
That foundation is under growing pressure. Zahela said South Africa’s threat landscape is evolving rapidly, driven by a criminal ecosystem that is itself adopting automation and AI. Phishing attacks have become far more convincing, while ransomware continues to disrupt cloud migrations, often exploiting misconfigured environments rushed into production.
Defenders, however, are also using AI. Vodacom Business has integrated AI-driven detection and response into its managed security services, reducing the time taken to detect and respond to threats from hours to minutes, or even seconds. Crucially, these systems are adaptive, learning continuously from global threat intelligence rather than relying on static rules.
Despite advances in automation, human behaviour remains central to security outcomes. Many breaches still involve simple mistakes. Collard argued that well-trained employees can act as an extension of the security function, providing judgment and context that AI cannot. The challenge is that organisations must now secure not only people, but also the AI tools and agents they use – all of which can themselves be manipulated.
This requires what Collard described as “digital mindfulness”: a security-aware culture led from the top. Executives must model good behaviour, while organisations adopt zero-trust principles that continuously verify identity and access rights across employees, partners and devices, enforcing least-privilege access by default.
To turn security into an enabler rather than a blocker, it must be embedded from the start. “Security by design” – integrating safeguards into systems, processes and digital initiatives upfront – avoids costly retrofits later and allows innovation to move faster with clearer risk boundaries.
The payoff can be tangible. A strong security posture can reduce cyber-insurance costs, improve business continuity and prevent expensive operational disruptions. More broadly, trust built through resilience and good governance can attract customers, partners and investors.
The key message for business leaders, the speakers agreed, is to stop treating security as reactive. The more powerful question is no longer, “How do we protect what we have?”, but rather, “How does security enable us to do what we couldn’t do before?”
Don’t miss this important conversation!
