Resources hub

Resources & insights.

Practical cybersecurity guidance, threat intelligence, and compliance resources for South African businesses.

Featured cluster

AI threat & governance insights

New for 2026. Articles, audit observations, and field notes on how AI is changing what attackers do — and what South African organisations should do about it.

Reference

The AI threat landscape

Canonical reference covering six categories of AI-augmented attacks observed in 2026.

 Service

AI Usage Audit

Find out which AI tools your employees are using. Lead-gen for AI Governance.

 Service

AI Governance & Compliance

Ongoing engagement to make AI use safe, sanctioned, and defensible.
Insights

Cybersecurity & compliance insights

Shadow AI in South African Organisations: The Audit-First Answer

Most South African organisations have no inventory of which AI tools their employees use, what personal information flows to them, or what the vendor terms grant. POPIA does not let you say 'we did not know.' The honest answer starts with discovery.

Read article

POPIA Section 71 and Automated Decision-Making: What Counts, What's Required

Section 71 of POPIA is the section that catches AI workflows. It governs decisions made 'solely on the basis of the automated processing of personal information' — and it gives the data subject the right to refuse them. Information Officers in 2026 cannot afford to misread it.

Read article

The FSCA and SARB Prudential Authority Position on AI in Financial Services

The FSCA and Prudential Authority published their joint position on AI in financial services in November 2025. The signal is principles-based, technology-neutral, and harder to defend against than an EU-style horizontal Act. Here is what South African financial organisations should expect supervisory dialogue to look like in 2026.

Read article

AI-Augmented Attacks in South Africa: Deepfakes, BEC and Ransomware in 2026

South Africa is the most targeted country in Africa for cyber attacks. In 2026 the attacks are no longer foreign-flavoured templates — they speak SARS, eFiling, and load-shedding. Mid-market organisations need to update their controls or accept the new loss rate.

Read article

SAHPRA's AI/ML SaMD Framework: What South African Healthcare Organisations Must Know

SAHPRA published one of the more advanced sector AI documents in South Africa in September 2025 — an AI/ML Software-as-a-Medical-Device framework. For healthcare organisations deploying or developing AI-driven clinical decision-support, SaMD classification is no longer optional.

Read article

POPIA Compliance in 2026: What South African Businesses Must Have in Place

The Information Regulator has ramped up enforcement since 2023. South African businesses handling personal information need documented controls, a designated Information Officer, and a tested breach response process — here's the full picture.

Read article

CIPC Registration and Cybersecurity: What Companies Must Know

The Companies and Intellectual Property Commission holds sensitive company records for millions of South African entities. Recent CIPC breaches have raised the bar for what regulators expect from registered companies around data and system security.

Read article
View all articles
Tailored advice

Need tailored
guidance?

Every organisation's risk landscape is different. Speak to a senior consultant about your specific challenges and compliance requirements.

Speak to a consultant