One of the core reasons why businesses remain vulnerable to cyberthreats is that they underestimate their risk or overestimate the strength of their existing defences. According to a recent Kaspersky survey entitled “Cybersecurity in the workplace: Employee knowledge and behaviour”, 48% of professionals surveyed in South Africa, whose work requires the use of computers, asses the risk of a cybersecurity incident happening to their company as quite possible.
Commenting on the probable consequences of a cybersecurity incident, 52,3% of employees surveyed in South Africa supposed that it might seriously affect the company. This understanding of risks comes not only from general cybersecurity awareness, but also from knowledge about cyber incidents in their organisations: 23,3% of local respondents acknowledged such incidents happened in the past 12-months, while an additional 17,8% said they have heard about these incidents from colleagues.
Organisations nowadays face a variety of cyberthreats ranging from phishing and business email compromise to ransomware and advanced persistent threats. In a lot of these attacks, the entry point into the organisation’s network is via a human mistake, and it is for that reason attackers actively employ social engineering techniques and AI tools to make their efforts more effective.
The survey shows that the majority of respondents understand that cybersecurity is an issue that should be considered by the IT department, while 11,8% also mentioned top level executives and 5,3% cited legal and financial employees as core groups within the business who should keep cybersecurity issues in mind. Only 36% of employees surveyed viewed cybersecurity as an issue that should be considered by all employees across the entire business.
“In today’s digital landscape, cybersecurity is a collective responsibility that extends beyond the IT department. Every employee should remain vigilant against evolving threats. Regular cybersecurity training, use of relevant IT solutions, well-defined policies and an incident response plan are essential pillars of organisational cyber resilience. When every team member is informed and prepared, the organisation stands stronger against cyber threats," says Brandon Muller, Technical Expert for the MEA region at Kaspersky.
To help organisations strengthen their defenses, Kaspersky recommends the following:
- Employee education and cybersecurity training is necessary as human error is a common cause for cybersecurity breaches. Solutions such as Kaspersky Automated Security Awareness Platform can help with practical cybersecurity skills such as recognising phishing emails and suspicious links.
- Upskill cybersecurity teams with Kaspersky online trainings, and with Kaspersky Threat Intelligence. In addition, Kaspersky’s Digital Footprint Intelligence can help with monitoring external threats for companies’ assets, strengthening defense against credential leaks.
- Implement robust monitoring and cybersecurity solutions, for example from the Kaspersky Next product line.
- Set up offline backups that intruders cannot misuse, and make sure you can access them quickly in an emergency.
- Implement security policies for employees, from password and software installation policies to network segmentation.
- Foster a culture of security: encourage employees to report suspicious activity without fear of blame, reward proactive security behaviours to reinforce good habits, for example during phishing simulations.
*The survey was conducted by Toluna research agency at the request
of Kaspersky in 2025. The study sample included 2800 online interviews with
employees and business owners using computers for work in seven countries:
Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.
