Evolving technology, increasingly stringent regulations and a lack of understanding at board level are among the myriad challenges facing South Africa’s CISOs, CROs, CCOs and CTOs as they battle to maintain organisational cyber resilience.
This emerged during an exclusive two-day CISO retreat hosted by Veeam in Magaliesburg. Themed ‘The CISO’s strategic shift – from IT security to business enabler’, the event examined the changing environment and the pressures under which CISOs work.
A thought leadership and roundtable discussion hosted by Andre Troskie, EMEA Field CISO at Veeam, and Ian Engelbrecht, Team Leader & Manager, Systems Engineering for Africa at Veeam Software, focused on ‘Governance in the age of resilience: Leading through uncertainty’.
They noted that achieving balance between innovation and resilience was a challenge. “We want to enable the business to take advantage of the latest technologies and processes and think to get to where they need to be. But we also have to take care of the risks and the emerging threats. Many CISOs come from a technical background, some come from a legal background, some come from a risk management background, and we have to take all these things into consideration,” they said.
The conversation focused on the need for board members to understand the implications of geopolitical factors for product dependencies and how these affect the organisation. Participants said CISOs had to enhance education and awareness among board members regarding technical processes and their impact on risk and resilience, as well as demonstrate the value of IT through improved reporting and metrics-based decision-making.
MC Rodney de Koch, board advisor, business coach, sales strategist (SaaS) and digital evangelist, noted: “As resilience shifts from reactive recovery to proactive adaptability, governance provides the framework for aligning leadership, risk management and cultural readiness.”
The dialogue focused on the intersection of financial services and public sector governance, emphasising the need for alignment with standards set by financial services. Participants discussed the role of the Auditor General in providing oversight and the importance of compliance and governance models.
Speakers also noted the importance of organisations remaining relevant to customers, and a roundtable discussion focused on elevating the visibility of the CISO and the level of cyber conversations in the boardroom.
The discussions centred on the CISO control framework and its significance in internal control and risk management, particularly in light of increasing regulatory demands for resilience. Participants noted that many organisations are not adequately addressing resilience, which is becoming essential in the current regulatory landscape. They warned that without proper resilience procedures, organisations risk falling into a negligence threshold, especially with new regulations raising expectations for improved global maturity levels.
Participants also noted that incident disclosure regulations and associated penalties would put CISOs under additional pressure: “We need robust ICT risk management processes, and this goes beyond ISO 27001. Now, we must provide the assurance that the process is in place, the process is implemented and we have to demonstrate that that process works. In addition, public companies must disclose material cyber security incidents within four days.”