South Africa currently has a skills gap in cybersecurity, according to the cyber security group Fortinet’s 2023 Cybersecurity Skills Gap report.

The report is based on a survey of over 1,800 IT and cybersecurity decision-makers from 29 countries, including South Africa.

The report said that approximately 3.4 million professionals will be needed to fill the cybersecurity workforce gap globally, with the cybersecurity talent shortage being one of the main issues putting organisations at risk.

86% of companies that took part in the report said that they experienced more than one cyberattack in the last year, which could be partially linked to a lack of cybersecurity skills in their staff.

52% of South African respondents said that they expected cyberattacks to increase within the next 12 months.

In response, 94% of South African companies said that they would be willing to pay an employee to get a cybersecurity certificate. 

Despite the desire for cybersecurity certifications, more than 70% of global respondents said that it is difficult to find people with the necessary certificate.

A lack of cybersecurity skills is having a major economic effect on businesses.

Close to 50% of global organisations said that they were impacted financially due to security breaches in the year, with it costing over $1 million to solve these issues – a 38% increase from the previous year’s report.

The report said that phishing, malware and password attacks made up 81% of the attacks by the surveyed participants in 2022.

These types of attacks can target systems and users directly. Phishing schemes are especially notable as they can deliver the other attack types, with malware and social engineering leading to password and web attacks.

Other cyberattacks 

Fortinet previously said that a growing number of cybercrime incidents are occurring due to the work-from-home and hybrid work models.

According to the group, nearly two-thirds of companies in South Africa have reported data breaches due to work-from-anywhere (WFA) susceptibilities.

Due to load shedding, South Africans are particularly at risk as a lack of power forces WFA workers to alternate between networks – fibre, mobile, and public Wi-Fi – creating opportunities for attackers to intercept business communications on an unprotected device.

The group said that cyber security needs to be a major priority for companies but believes that WFA will likely be here to say as it does have several benefits.

“Only a third of employees in EMEA countries, including South Africa, have returned back to the office full-time. Most companies in this region allow for a mixture of remote work up to four days per week or even permanently,” Fortinet said.

Companies will thus have to invest and develop a cybersecurity footprint, with 94% of companies surveyed in the group’s 2023 WFA Global study expecting to increase their security budget in line with WFA policies.