As the Liberty data breach underscores escalating exposure, cybersecurity is shifting from an IT function to a board-level strategic priority.
The recent Liberty data breach, in which the company detected unauthorised third-party access to select data systems (Liberty), has once again exposed the vulnerability of even established organisations within South Africa’s increasingly hostile cyber landscape. While investigations continue, the incident reinforces a clear reality: cyber risk is no longer confined to IT departments, but has become a systemic business risk with financial, regulatory and reputational consequences.
This comes amid rising threat activity across the country. South Africa is now among the most targeted nations globally, facing an estimated 577 cyberattacks per hour, according to the Yolo Cybersecurity Report. More broadly, cybercrime is estimated to cost the South African economy around R2.2 billion annually (TechCabal, 2025), underscoring its macroeconomic impact.
South Africa’s cyber exposure is driven by high digital adoption, valuable data, and uneven security maturity across organisations. Skills shortages and legacy systems further compound risk, creating an environment easier for attackers to exploit. Against this backdrop, cybersecurity experts describe the Liberty breach as indicative of a deeper structural weakness in how organisations manage cyber risk.
“The Liberty breach highlights how cyber risk in South Africa is both widespread and highly sophisticated, impacting organisations of all sizes non discriminately,” says Muhammad Ali, Managing Director of South African ISO specialist World Wide Industrial & Engineering Systems (WWISE).
“It exposes weaknesses in detection, response, and continuous risk management. Compliance alone is no longer sufficient. Organisations must adopt resilience-based security approaches aligned with information security best practice standards, with continuous testing and validation of controls.” The incident reflects a broader shift pulling cybersecurity out of technical departments and into executive governance structures. Boards are increasingly expected to take ownership of cyber risk as part of enterprise-wide accountability and fiduciary responsibility. PwC’s 2025 research shows that 68% of South African organisations now view cybersecurity not only as risk mitigation, but as a competitive advantage.
Ali says this evolution is both necessary and overdue.
“Cyber risk moves into the boardroom when it begins to pose a material threat to financial performance, operational stability, or reputation. For most organisations, that threshold has already been reached,” he explains. “Best-practice governance frameworks are clear: accountability for cyber risk sits with top management, not just IT teams.”
However, many organisations continue to treat cybersecurity as a compliance requirement, particularly under the Protection of Personal Information Act (POPIA) and the Cybercrimes Act. Despite rising enforcement pressure, readiness remains inconsistent. “Regulatory scrutiny is intensifying, yet many organisations are still not sufficiently prepared to meet it,” Ali notes.
“Gaps remain in data governance, incident response, and third-party risk management. POPIA is often treated as a once-off exercise rather than an ongoing discipline.”
The consequences of underestimating cyber risk extend well beyond regulatory penalties. Businesses face operational disruption, legal exposure, and reputational damage that can persist long after containment.
“The real cost of a breach is frequently underestimated,” Ali says. “It includes legal liability, downtime, loss of customer trust, and erosion of investor confidence, impacts that can take years to repair.” As cyber threats evolve, attackers are increasingly leveraging automation, artificial intelligence, credentials, and social engineering to bypass traditional defences by targeting people and behaviours rather than systems. “Cyber threats are increasingly identity-based and AI-driven,” Ali explains, “which requires stronger identity controls and more adaptive security strategies.”
This shift is driving demand for continuous monitoring and real-time response. Traditional periodic audits are no longer sufficient. “Continuous monitoring is now essential,” Ali says. “Threats evolve in real time, so detection and response must be immediate. Anything less leaves organisations exposed.” Security Operations Centres (SOCs) are central to this capability, providing real-time visibility, threat detection, and coordinated incident response. “SOCs play a critical role in modern cybersecurity,” Ali adds. “They provide continuous monitoring and centralised visibility, particularly for organisations without deep internal expertise.” Ultimately, the shift underway is as much about governance as it is about technology, requiring stronger board oversight, clear accountability, and alignment with frameworks such as COBIT, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and ISO/IEC 27001:2022, which embed cybersecurity into enterprise risk and strategic management.
“A proactive cybersecurity approach integrates cyber risk into enterprise risk management,” Ali says, “with defined accountability and alignment to recognised frameworks, prioritising resilience through detection, response, and continuity alongside prevention.”
As cyber risk intensifies across Africa and globally, the implication for leadership is clear: cybersecurity is no longer an operational concern, but a strategic imperative firmly anchored in the boardroom.
