Back to COVER Webmag homepage
Cyber
07 minutes

Leading through the breach: Preparedness is a competitive advantage in cybersecurity

Cyber resilience is not just about technology but leadership. South African businesses that prepare and lead well in a breach gain trust and advantage.
Written by
Pierre Lombard
Published on
September 18, 2025
Copy link

In 2025, several prominent South African companies faced the all-too-common reality of a cyberattack. Some took days to respond, with their systems offline and reputations on the line. Others, though fewer in number, recovered quickly, communicated clearly, and demonstrated control under pressure. The key difference? Preparation.

These moments are no longer purely technological. They are tests of leadership. When a business can maintain trust, stability, and service in the face of a breach, it gains more than just operational recovery. It earns a competitive advantage.

The anatomy of a response done right - Breaches are inevitable. However, it is not the presence of breaches that dictates a strong or weak cyber stance, it hinges on whether a business has built resilience through structure, foresight, and training.

From SHA’s recent claims review and based on real-world events, three common traits in effective cyber responses are:

  1. Clarity of command: Organisations with clearly defined roles and escalating paths act faster and more confidently, while mitigating decision paralysis.
  1. Stakeholder communication: Transparent, timely, and honest communication with staff, clients, and regulators helps manage reputational risk and maintain trust.
  1. Tested resilience: Regular simulations, up-to-date contingency plans, and rehearsed recovery protocols mean response teams don’t scramble when an incident occurs, they execute.

Organisations with rehearsed response plans and clear governance frameworks tend to experience lower long-term losses and reputational damage.  It is well known that breaches that are not detected or contained early, are more expensive than those that are.  From our observation, companies that respond within hours, and not days, suffer fewer long-term losses and are more likely to retain customer and investor confidence.

You’re invited to the Fleet Safety Awards 2025.

Date: 29 October 2025 | Time:16:00 – 20:00 Venue: Gallagher Convention Centre, Midrand

Santam is an authorised financial services provider (FSP 3416), a licensed non-life insurer and controlling company for its group companies.

Click here to RSVP by 17th October 2025

"A rapid, coordinated response can mean the difference between a controlled incident and a prolonged crisis."

Pierre Lombard
SHA

Impact on South African Businesses - Major South African organisations have been targeted including Cell C, Astral Foods, Standard Bank and more. These attacks exposed everything from customer data to sensitive internal systems. Yet, the greatest vulnerability often lies in the boardroom, not in the usually suspected firewall.

Multiple global studies highlight how many breaches are first detected by external parties (customers, attackers, or regulators) not internal teams.  Research indicates the number may be up to 67% of all instances.

This reinforces the need for internal detection and escalation, and to be ready on the communication front, to control the narrative.

PwC’s 2025 Digital Trust Insights report suggests that less than half of companies surveyed have implemented cyber resilience actions across entire organisations, and that a significant readiness gap exists.This ought to be a wake-up call for those tasked with ensuring readiness given that readiness is a major determinant of the cost and recovery time following a breach.  

A rapid, coordinated response can mean the difference between a controlled incident and a prolonged crisis. Businesses that detect issues early, act fast, and communicate with confidence can quickly minimise downtime and retain stakeholder trust.  Those that don’t, face weeks of uncertainty, reputational harm, and potential litigation.

How can leaders improve readiness?

You don’t need to be a cybersecurity expert to lead well in a breach. But you do need a plan, as well as the discipline to prepare for a crisis that may never come.  

Robust cyber leadership today should involve:

  • Running breach simulations across departments
  • Establishing a clear crisis communication protocol
  • Mapping data access across internal teams and external vendors
  • Clarifying who takes charge, both operationally and legally, during a breach  

Preparation builds advantage - A well-handled breach response sends a powerful signal. It says that this is a company that leads with integrity, plans for disruption, and puts trust first. Customers remember that and so do investors and regulators.

It is the most prepared company that recovers fastest from cyberattacks, not always the most secure. If your business made headlines tomorrow, would your clients trust you more or less? The answer lies in preparation and in leadership.

Dashboard mockup