As global cybercrime spikes, strong business leadership is required to increase organisational security and confidence.

Managing Cyber Risks Proactively

Amidst rising cybercrime, ongoing lockdowns, and the looming Protection of Personal Information Act (POPIA) deadline in South Africa, organisations and their employees are facing a staggering increase in cyber risks as they continue to move more of their operations online to enable remote working. Award-winning IT Governance & Architectural services consultancy, AVeS Cyber Security, today launches a risk-based security awareness and education campaign across Southern Africa to assist organisations in managing their cyber risks more proactively.

See also: Cyber security focus for remote workers on Channel Africa’s Africa Rise & Shine show >>

With more than 23-years of experience helping Southern African organisations achieve confidence in their digital information, AVeS Cyber Security recognises employees as most vulnerable to cybercriminals’ current attack methods. Cybercriminals use persistent social engineering techniques, forcing employees’ to make errors in judgment and unwittingly grant them access to organisations’ systems.


According to IBM X-Force Threat Intelligence Index 2021, human error was a major contributing cause in 95% of all data breaches in 2020, which means that mitigation of human error must be key to organisations’ cyber security strategy in 2021.


A Pandemic’s Impact on Cyber Security

Security awareness and training are crucial in protecting businesses’ and their clients’ confidential information. For example, in the first 100 days of the COVID-19 lockdown in 2020 alone, Mimecast researchers detected huge increases in spam attacks (up 46%), impersonation attacks (up 75%) and malware, which spiked by a staggering 385%.

“It is crucial for all organisations to realise that their employees have a defining role to play in strengthening the business’s cyber security capabilities and lowering its cyber risk exposure. It is simply not the responsibility of the IT department or technology alone, “says AVeS Cyber Security’s Group CEO, Charl Ueckermann.


Cyber risk remains a business risk.


A Lean Approach to Cyber Security

Through this campaign, AVeS Cyber Security is encouraging and teaching organisations to be pragmatic in planning and implementing solutions that address cyber security threats in the following ways: taking quick assessments to identify current cyber risks of IT users within organisations; planning and strategising on suitable approaches that will resonate with users in a way that facilitates IT behaviour change, whether it be through workshops, interactive group games, a training platform or end-to-end awareness campaigns; and finally, testing the initiatives for effectiveness.

To manage an organisation’s risks proactively requires business leaders to combine people, processes and technology in their cyber security initiatives. Security awareness and training identifies and addresses risks successfully across all three categories and fulfils regulatory demands to protect confidential business and personal data.

Meeting Data Privacy Laws’ Requirements: POPIA & Employee Training

In further addressing a global cybercrime challenge, South Africa’s newly introduced data privacy legislation, POPIA, aims to ensure that organisations protect client’s data as South Africa’s developing digital infrastructure becomes the target of more opportunistic and targeted cybercrime. Security awareness and training can be used to strategically meet some of the legislation’s data privacy requirements while mitigating cyber risks and attacks, reducing operational costs, and protecting the business’s assets.

Ueckermann also points out that the strategic value of companies is becoming more and more captured within the digital data they process, such as financial data, intellectual property, and business tactics, which makes it even more crucial to protect.


Case studies show that a weak cyber risk management system starts when IT governance is not in place. IT governance needs to be strongly led by the Board of Directors, and then well-executed by the IT department.


Questions for Business Leadership

An organisation’s leadership can start by answering five key questions:

  1. Where is the organisation on its data privacy and cyber security maturity journey?
  2. What are the most significant cyber risks facing the business?
  3. What are the extent and consequences of these cyber threats?
  4. What is the most pragmatic and effective approach to managing these risks?
  5. And, who can facilitate the process of fast-tracking the organisation’s journey in reasonably mitigating high-risk cyber threats?


“The biggest challenge that contributes to organisations continuing to be victims of cybercrime is a lack of direction by executive management to prioritise the people-led safeguards in the business. With purpose-driven security awareness and training, organisations can put an effective risk management system in place and reduce many of the simple mistakes that have huge cyber security consequences, such as clicking on phishing links or inserting unknown USBs into Wi-Fi-connected computers, “says Ueckermann.

Ueckermann wants to ensure that all companies and their employees don’t become the weakest links in cyber security. Companies can get cyber security advice, services and assessments by contacting AVeS Cyber Security.

More on People: Higher ROI and lower risks when the people side of change is managed >>

Do you like this article? Sign up to receive updates of new articles like these straight in your email inbox >>

Ready to lead your organisation into the future, securely?

Empower end-users to help protect their organisation’s data and assets with your unique Information Security Awareness & Training Services

Pin It on Pinterest

Share This