With cybercrime on the rise, more than a third of South Africa IT decision-makers (35%) are on high alert - and expecting cyber-attacks on their businesses within days.

This is a core finding of a new research study entitled The State of Enterprise Security in South Africa 2019, conducted by World Wide Worx in partnership with Trend Micro and VMware. It surveyed IT decision-makers at 220 enterprises across all industries in South Africa on the centrality of cybersecurity in business strategy, the vulnerability of businesses, and security compliance.

It found that, aside from the 35% expecting an imminent attack, a further 31% of businesses expected an attack with the year. Fewer than one in five IT decision-makers in SA enterprises think they are safe from attack in the next two years.

Just over half, 57%, of businesses say they will detect evidence of a malicious breach within a few minutes. However, almost half of businesses (43%) won't know they've been compromised until a few hours or longer after a security breach. Such businesses may be in for a big shock. Ransomware and other file destroying malware may corrupt almost every file on a user's computer within a few hours, which means any response would be too late.

Surprisingly, IT decision-makers are willing to accept responsibility. Half of the respondents (51%) says they would blame their own departments in the event of a breach.

"This finding shows IT decision-makers are cognisant of how important security is to their role, as half of IT decision-makers would accept accountability for a data or security breach in their organisations," says Indi Siriniwasa, Vice President Sub-Saharan Africa at Trend Micro.

The survey shows a disconnect between who would be aware of data breaches and who should be aware of data breaches. Over a third of IT decision-makers (36%) reported that the IT department would be the most aware of the actions to take after a data breach, while over half of IT decision-makers (54%) reported that their Chief Information Officers should be the most aware of how to navigate the organisation after a data breach.

"We were astonished when we found that CIOs don't lead the organisation's response to a data breach," says Lorna Hardie, Regional Director Sub-Saharan Africa at VMware. "This finding shows that organisations still have a long way to go in terms of connecting a CIO's strategy to that of the IT department."

The biggest shortcoming in cybersecurity preparedness was outdated software, with an enormous 77% of IT decision-makers reporting that it makes their organisations highly vulnerable. In terms of additional vulnerability factors, senior management not understanding the risk slots in close behind, indicating a massive need for education and a need for a new approach to security, where it is an intrinsic part of the systems deployed by business.

"All of this then leads us to imagine that the IT departments must feel under siege, yet they are supremely confident in their ability to protect companies," says Arthur Goldstuck, managing director of World Wide Worx. "Any question relating to their capacity and capability is met with resounding confidence, suggesting that they are either over-confident, or supremely arrogant. At best, we would say that they don't want to be perceived as falling down on the job and can cope regardless of the obstacles in their way and the threat out there.

"Although 99% says they are confident about protecting the company, the picture disintegrates when asked if they have the skills to do so. Almost half - 45% - agree that they don't have the skills to protect the company, this disconnect suggests overconfidence in their ability to protect the business," adds Goldstuck.

Says Hardie: "There is a huge need for senior financial decision-makers to learn that an ounce of data breach prevention is worth a pound of lost data and productivity. Interestingly the research highlights that there will be breaches, that is a fact, but it is how business mitigates these risks going forward with a modern approach to security where we aren't chasing each breach, but instead shift to a model where we build intrinsic security into everything – the application, the network, essentially everything that connects and carries data."

Siriniwasa concurs: "The report reveals a stark trend in how South African IT decision-makers protect their corporate networks to gives a clear sense where South African companies need to remain strong and areas of IT security where they need to work on. At this stage, strong information and data security are non-negotiable, but ensuring this requires a cultural shift towards security awareness and collaboration across all parts of the business. Not only does business need to invest in security solutions that are pervasive and intrinsic, but they also have to invest in the right skills and people to drive best practice forward."

According to VMWare and Trend Micro, among the concrete steps to address cyber security are to stop focusing on multiple point solutions – the focus should be on applications, and ensuring the good, rather than the bad.

Building higher walls don't necessarily save businesses, the modern security mind-set should be to focus on creating layers, so if there is breach, it will only affect a subset of the organisation, the companies add.

Education is at the core of a company's security strategy and its efficiency, specifically in terms of user behaviour, according to Trend Micro.

The company mentioned that there are 350,000 new unique threats every day, 99.99% of exploits will be based on known vulnerabilities and cybercriminals will use AI to predict the movements of executives or other targets.