"Cyber-attacks are on the rise globally, with seriously negative implications for countries’ strategic, national, economic and social well-being."
"One reason for South Africa’s poor showing may lie in the fact that a 2020 Accenture report found the country’s internet users were inexperienced and less technically alert."
There is actually a South African National Cybersecurity Policy Framework from 2013, as well as an established government National CSIRT (Computer Security Incident Response Team ). But the political will from government to make it work seems missing and no such partnerships have really developed.
A key problem though is with governance itself. SA has excellent policies on open source software as well as minimum interoperability standards, but few officials actually even know about them, let alone apply them daily. The audits, you'd think, would be looking at compliance, but no, the Auditor-General's scope mandate is given by National Treasury, and that scope is mainly around financial controls.
So it may be that National Treasury does not appreciate the real costs behind cybersecurity, open source software, or having interoperable standards. For all three, costs are only one aspect of what they address, and it could be said that both cybersecurity as well as open source could also help create more local jobs. Certainly interoperable standards help reduce costs as well as vendor lock-in.
Why governance? Because it triggers a broader audit scope, which starts raising awareness of gaps, and then manages the closure of those gaps through training, compliance, etc. For any large government (or other institution) you cannot just rely on a few ad-hoc awareness e-mails and posters on walls... it needs proper institutional actions to be put in place with monitoring.
See What South Africa must do to fight cybercrime
Cyber-attacks are on the rise globally, with seriously negative implications for countries’ strategic, national, economic and social well-being.