A recent Kaspersky survey in the Middle East, Turkiye and Africa (META) region entitled “Cybersecurity in the workplace: Employee knowledge and behaviour”, found that just 46% of professionals surveyed in South Africa received training on digital threats. This knowledge gap is significant, especially given that the majority of cybersecurity breaches are attributed to human error. The findings underscore a need for IT departments to provide clear guidance and for organisations to implement structured, practical cybersecurity training that reaches employees at every level.
Many cyberattacks today are deliberately designed to bypass digital defences by exploiting human psychology. "Social engineering" schemes, like phishing emails, manipulate trust and urgency to trick employees into sharing sensitive information or initiating fraudulent transactions. Half of surveyed professionals in South Africa (50%) encountered scams disguised as messages from their organisation, colleagues or suppliers within the past year, while 7% suffered negative consequences after such deceptive communication. Other cybersecurity issues closely linked to the human factor include compromised passwords, the leakage of sensitive data, unpatched IT systems and applications, unlocked and unencrypted devices.
Human-related cyberattacks can be prevented through appropriate education and awareness. 8% of local respondents acknowledged they made IT-related mistakes due to a lack of cybersecurity knowledge. At the same time, training was named as the most effective means of raising cybersecurity awareness among non-IT employees: 63,5% of professionals surveyed in South Africa chose it over other options such treat stories (32%) and references to legal responsibility (33%). These findings show that cybersecurity training is an essential layer of organisational defence.
When given the opportunity to choose specific training topics, respondents from South Africa said they would choose ones dedicated to protecting confidential work data (40%), websites and Internet security (38,3%), security of accounts and passwords (34,8%), e-mails (31,5%), secure remote work (27,3%), mobile devices (26,3%), safe use of social networks and messengers (19%), and safe use of neural network-based services such as chatbots (16,8%), while 41,5% would prefer to undergo all the above trainings, which highlights the broad demand for comprehensive cybersecurity education.
The data shows that employees are open to improving their cybersecurity skills. However, for this knowledge to become an integral part of their daily IT routines, training needs to be well-structured, tailored to the role and existing IT skills of each employee, regularly updated, as well as gamified and practical. This approach enhances engagement and knowledge retention. When organisations invest in such education, they are not just meeting a requirement, but also fostering a "security-first" mindset among workforces. This turns employees from a potential point of weakness into a distributed network of vigilant guards, capable of making smart security decisions instinctively.
“Cybersecurity should extend beyond the IT department. Every level of the organisation, including executives, must understand digital risks. Resilience comes from empowering employees to identify scams, avoid mistakes, and protect the data they handle,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.
To strengthen their defences organisations should consider the following:
- Implement robust monitoring and cybersecurity solutions, for example from the Kaspersky Next product line.
- Introduce employee education and cybersecurity trainings, such as the Kaspersky Automated Security Awareness Platform,developed to help IT and HR departments with delivering practical cybersecurity skills to employees.
- Implement security policies for employees, from password and software installation to network segmentation.
- Foster a culture of security: encourage employees to report suspicious activity, reward proactive security behaviours to reinforce good habits.
*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.
