Issuu

AI isn’t just defending your business – it’s targeting it too

Rethinking Resilience

Resilience is no longer about having a backup plan. It means being able to adapt – faster than the market shifts, the threats evolve, or the next compliance requirement lands on your desk.

In this issue of Digital Business, we explore how South African businesses are rethinking resilience in a landscape that’s as complex as it is fast-moving. Cloud adoption is no longer novel; it’s foundational. But cost pressures, skills shortages, and fragmented architectures are pushing CIOs to do more with less – while still promising scalability, security, and service continuity.

AI adds a new layer of pressure. It’s helping teams automate threat detection and close talent gaps. But it’s also arming attackers with better tools, faster tactics, and increasingly sophisticated deepfakes. In this environment, relying on outdated systems or legacy playbooks isn’t just risky – it’s negligent.

What’s becoming clearer is this: the tech alone isn’t enough. The real competitive edge lies in people – whether that means security teams being upskilled through local bootcamps, business leaders embracing cloud strategy as a boardroom priority, or organisations maturing their operations to unlock long-term value.

You’ll nd stories in this issue that span deep technical insight, human-centred innovation, and forward-looking strategy. From the economics of cloud optimisation to the ethics of AI in an African context, these are the conversations shaping digital business – not just in 2025, but from here on out.

We hope it helps you see not just where the future’s going – but how to meet it on your own terms.

Brendon Petersen Editor

DIGITAL BUSINESS

PUBLISHED BY

Businesses

Picasso Headline, A proud division of Arena Holdings (Pty) Ltd, Hill on Empire, 16 Empire Road (cnr Hillside Road), Parktown, Johannesburg, 2193 PO Box 12500, Mill Street, Cape Town, 8010 www.businessmediamags.co.za

EDITORIAL

Editor: Brendon Petersen

Content Manager: Raina Julies

rainaj@picasso.co.za

Contributors: Zjaén Coetzee, Trevor Kana, Nic Laschinger, Morné Louwrens, Prejlin Naidoo, Jason Nicholls, Carrie Peter, Anthony Sharpe, Divesh Sooka

Copy Editor: Lisa Witepski

Content Co-ordinator: Natasha Maneveldt

Online Editor: Stacey Visser vissers@businessmediamags.co.za

DESIGN

Head of Design: Jayne Macé-Ferguson

Senior Designer: Mfundo Archie Ndzo Cover Image: sdecoret/123rf.com

SALES

Project Manager: Tarin-Lee Watts wattst@arena.africa | +27 87 379 7119 +27 79 504 7729

PRODUCTION

Production Editor: Shamiela Brenner

Advertising Co-ordinator: Shamiela Brenner

Subscriptions and Distribution: Fatima Dramat fatimad@picasso.co.za

Printer: CTP Printers, Cape Town

MANAGEMENT

Management Accountant: Deidre Musha Business Manager: Lodewyk van der Walt General Manager, Magazines: Jocelyne Bayer

Why a ‘cloud- rst’ approach is key to unlocking real business value.

Why moving to the cloud is a total reinvention rather than a transition.

THE 2025 cybersecurity outlook Why AI is central to digital defence

AI is not only changing how organisations defend themselves; it’s also giving cybercriminals new tools to attack faster, more effectively, and with greater sophistication, say MORNÉ LOUWRENS , MD of Advisory at Marsh Africa and PREJLIN NAIDOO, digital partner at Oliver Wyman

Last year, more than three in ve South African workers admitted to using generative AI tools such as ChatGPT regularly to boost productivity. But those same tools are risky: workers may be using these AI tools to generate presentation decks from uploaded internal reports, and in the process, unwittingly publicising sensitive company data.

IN SOUTH AFRICA ALONE, CYBERCRIME CAUSES ANNUAL LOSSES

OF R2.2-BILLION.

As businesses integrate AI further into their operations, new vulnerabilities are emerging. Cybercriminals are quick to exploit these systems, using AI to automate attacks, generate convincing phishing emails, and write malicious code.

The World Economic Forum’s 2025 Global Risks Report ags generative AI as a ‘critical’ disinformation threat, capable of undermining public trust and destabilising institutions.

At the same time, AI offers cybersecurity experts powerful capabilities. It can detect threats in real time, identify unusual patterns in user behaviour, and help IT teams respond faster. However, this will likely intensify the arms race

between attackers and defenders. With a global shortage of cybersecurity professionals, AI offers a human resource advantage, because it can also help plug skills gaps in a market where digital security experts are in short supply.

Still, technology alone isn’t enough. Human error is the weakest link, responsible for nearly 70% of successful breaches. That’s why governance, education and strong internal policies are just as important as rewalls and monitoring tools.

Cybercrime as big business

Hackers are increasingly targeting Africa with ransomware, exploiting the perception of weaker defenses to trial new attack methods. The Interpol report shows how past attacks in Africa have focused on critical infrastructure such as healthcare systems and government services, threatening public safety and economic stability.

In 2025, cyberattacks are expected to become even more targeted and politically charged. Misinformation and deepfakes will be used to sow distrust and confusion. As the WEF warns, the spread of disinformation is both a cybersecurity issue and a broader societal risk.

AI helps cybercriminals launch more sophisticated and widespread attacks. Ransomware will become automated and adaptive, evading traditional defences. Phishing attacks will be highly personalised and convincing, exploiting social media and language patterns, making detection dif cult even for the trained eye. AI also lowers the barrier for creating malicious code, including stealthy malware such as DeepLocker, which can lie dormant before causing signi cant damage.

One recent example involved a Hong Kong nance employee who transferred $25-million after attending a video call with what he believed were colleagues. In reality, he was tricked by AI-generated avatars. The attack highlights just how convincing – and dangerous – synthetic media has become.

The numbers are staggering. Cybercrime generated about $9.5-trillion globally in 2024, which is expected to rise by another trillion this year, says Cybersecurity Ventures. If cybercrime were a country, it would have the world’s third-largest economy, after the US and China. Africa isn’t exempt.

In South Africa alone, cybercrime causes annual losses of R2.2-billion. Interpol estimates losses exceeding $4-billion across the continent, highlighting the urgent need for stronger security measures, with ransomware posing a particularly serious threat, as echoed in a Marsh report on cyber risk trends.

Fighting back

Fortunately, AI can strengthen our defences. In the nancial sector, banks are applying AI for facial recognition, fraud detection, and risk analysis. AI is also helping developers identify and x vulnerabilities in their code, and it’s playing a key role in customer education, alerting users to phishing scams and social engineering tricks.

But no tool is foolproof. The most resilient organisations will be those that combine smart technology with smart people, who are training employees, enforcing clear guidelines on AI use, and building a culture of security awareness. Cyber threats will only grow more complex in the year ahead. With the right balance of human oversight and AI-powered defence, businesses can stay one step ahead.

Morné Louwrens

Prejlin Naidoo

Cybersecurity in the age of AI

Cybercriminals and organisations find themselves in an ever-evolving, AI-driven arms race, writes ANTHONY SHARPE

South Africa is in the midst of a cybercrime epidemic. A recent report by cybersecurity rm ESET found that our nation accounts for around 35 per cent of infostealer attacks and 40 per cent of ransomware attacks in Africa, making it the most-targeted country on the continent.

Government organisations are particularly vulnerable, with Check Point Software’s 2024 African Perspectives on Cyber Security Report revealing they face an average of 3 312 attacks weekly, followed by the education sector at 1 729. The estimated cost of cybercrime to the country is a staggering R2.2-billion per year, according to the Council for Scienti c and Industrial Research.

The proliferation of accessible arti cial intelligence (AI) solutions is only driving this scourge, providing criminals with ever-more sophisticated means of exploiting vulnerabilities – both human and technological. Nevertheless, AI is emerging as the most formidable weapon in the ght against cybercrime.

Smarter threat detection

and cyber at KPMG. “Unlike static rule-based approaches, AI dynamically learns transaction patterns and adapts to emerging fraud trends.”

Vashist says that by continuously learning from transaction behaviours, AI also reduces false positives. “This ensures that human operators focus on genuine threats rather than spending resources on reviewing transactions that pose no real risk. The result is a more adaptive, ef cient, and intelligent fraud-prevention system.”

Predictive, not just reactive

As fraud techniques continue to evolve, AI can give organisations an edge in the raceto stay ahead.

KPMG forensics partner Dean Friedman says the goal is to forecast cybercrime, not just respond to it. “The holy grail of fraud prevention is not just identifying fraudulent activity but predicting how fraudsters will adapt. While traditional fraud detection systems focus on identifying suspicious activity in real time, the future lies in forecasting emerging fraud patterns before they materialise. By continuously re ning models with new data sources – including dark web monitoring, synthetic identity trends and geopolitical risks – institutions can build a dynamic, self-learning defence system.

role, says Vashist, citing the nancial services industry as an example.

“Network intelligence and data sharing between banks, payment processors and regulatory bodies helps improve fraud detection models by pooling insights across the industry. Shared intelligence ensures AI models can recognise fraud patterns seen elsewhere, even if an individual nancial services provider has not encountered them yet.”

Reinforcement learning and adversarial testing is another important area.

“Payment operators deploy AI models that learn from past decisions and re ne their detection mechanisms over time, but they also need to simulate fraud scenarios, using ‘red teaming’ and threat scanning techniques with skilled professionals,” says Vashist.

“This process helps identify weak spots in fraud detection and strengthens model resilience against adversarial AI techniques used by fraudsters.”

The future

Moving forward, software and hardware advances promise an ever-growing cybersecurity arms race, with AI being complemented by other technologies.

One of the things AI is really good at is analysing large datasets and identifying patterns – a crucial component of identifying threats. “AI and machine learning enhance fraud detection by identifying and analysing anomalies across all possible dimensions in real time to prevent fraud, or performing analytics post processing for early detection of fraud trends in upcoming transactions,” says Rupesh Vashist, associate director for technology, risk

“While the execution of predictive analytics for fraud prevention is slow in southern Africa, it is expected to play a vital role in fraud prevention, moving beyond reactive measures to a proactive, intelligence-driven strategy.”

Sharing is caring

In order for the threat prevention ecosystem to develop, industry collaboration is essential, with regulators also playing an important

“Beyond AI models, edge computing will introduce additional data points for analysis, feeding neural networks with richer real-time insights to enhance AIdriven fraud detection,” says Friedman.

“We also see advancements in quantum computing accelerating fraud detection processes by signi cantly increasing processing speeds. This will not only turbocharge AI models, but also improve precision, enabling faster and more accurate fraud prevention measures,” he concludes.

Rupesh Vashist

STaying ahead

Businesses are deploying AI to detect and neutralise threats faster than ever before. But, at the same time, cybercriminals are using those same tools to launch more sophisticated, targeted attacks at scale, writes JASON NICHOLLS , principal solutions architect at AWS South Africa

One of AI’s most signi cant contributions to cybersecurity today is automation.

Traditional detection systems often produce overwhelming volumes of alerts – many of them false positives – which can lead to wasted time and missed genuine threats. Machine learning (ML)-powered tools such as Amazon GuardDuty help address this challenge by analysing user behaviour in real time. By identifying anomalies such as data ex ltration or privilege escalation attempts, GuardDuty reduces alert fatigue and signi cantly improves detection accuracy.

AS AI SYSTEMS TAKE ON A MORE ACTIVE ROLE IN DECISION-MAKING, THE QUESTION OF ACCOUNTABILITY BECOMES CRITICAL.

AI doesn’t just enhance detection; it also adds critical context. Instead of just agging a suspicious event, AI can correlate it with surrounding activity, helping teams quickly assess whether it’s a real threat and how to respond. This speed and intelligence are essential as cyberattacks grow more complex and frequent.

However, these same advances are being turned against defenders. Cybercriminals are adopting generative AI to automate phishing campaigns, craft deepfake videos, and produce malicious code at a pace and scale previously unimaginable. Emails that once looked generic and clumsy are now hyperpersonalised and convincing, making them more dif cult for users and even traditional lters to detect.

This arms race is rede ning what cyber resilience looks like. It’s no longer just about rewalls and antivirus software; it’s about intelligent, adaptive systems that can learn and evolve. This is where ML becomes indispensable for detecting zero-day threats and advanced persistent threats (APTs). Tools such as MadPot classify and analyse vast datasets to ag behaviours that deviate from expected norms. When integrated with services such as Amazon Detective, these capabilities help security teams trace potential breaches and map out response strategies much faster than manual investigation alone.

As AI systems take on a more active role in decision-making, the question of accountability becomes critical. We need to be con dent that AI tools are making sound decisions, and that we can explain how those decisions were made. Services such as Amazon Bedrock Evaluations help by assessing models for correctness,

completeness, and reliability. Combining automated evaluations with human-in-the-loop oversight ensures outputs are validated and aligned with organisational policies and ethical standards.

Another challenge lies in the data AI models are trained on. If that data is biased, unbalanced, or overly sensitive, the model’s outputs can be unreliable or even dangerous. Responsible AI design is key. That means prioritising fairness, transparency, and privacy from the outset. Red teaming and adversarial testing can help identify weaknesses—such as susceptibility to prompt injections or training data leakage – before attackers exploit them.

The rise of deepfakes and synthetic data presents new frontiers in social engineering. Attackers can impersonate executives, forge authorisation requests, or create believable but fake evidence. Organisations need to rethink their incident response strategies. This includes updating disaster recovery plans to include AI-driven threats, strengthening approval processes, introducing multi-factor authentication on key work ows, and providing training to help employees recognise signs of synthetic manipulation.

To stay ahead of these evolving threats, businesses must take a proactive, integrated approach to cybersecurity. Security should be embedded in every stage of the AI lifecycle, from development to deployment and beyond. Automating repetitive tasks frees human analysts to focus on more strategic threats. Meanwhile, governance frameworks and compliance policies ensure transparency and accountability as AI systems scale.

Finally, a resilient cybersecurity strategy is not just about tools; it’s about people. Building a culture of AI awareness and cyber hygiene is essential. This means investing in skills development, encouraging cross-functional collaboration, and ensuring leadership is equipped to make informed decisions around AI risk.

AI is reshaping the threat landscape, but it’s also providing the tools we need to meet those threats head-on. The challenge – and opportunity—for South African businesses is to lead with AI that is not only powerful, but responsible.

Because in cybersecurity, it’s not just about keeping up. It’s about staying ahead.

shaping the machine: The African narrative

DIVESH SOOKA , ALX South Africa general manager, shares why Africa must lead the ethics of AI

The view of AI is dominated by two extremes: boundless opportunity or widespread job losses. But there’s a quieter, more insidious threat, that rarely grabs headlines: the risk that AI doesn’t just displace jobs; it distorts the cultures, values, and histories that de ne our humanity and shape who we are.

Much has been said about the skills revolution AI demands, especially for younger generations preparing to enter a transformed workforce. While job losses remain a concern, history suggests that technological revolutions tend to reshape the nature of work, not eliminate it.

Technology inevitably transforms required skill sets and often creates more employment opportunities than they eliminate, just as the advent of personal computing did decades ago. Beyond economics lies a deeper concern; one we’re not grappling with urgently enough. AI systems rely on vast amounts of data to function. But data is never neutral. If biased or incomplete, it can lead to systems that perpetuate harmful narratives, reinforce inequality, or simply leave entire communities invisible.

This is not just hypothetical. Ethiopian-born computer scientist Timnit Gebru, former co-lead of Google’s Ethical AI team, was red after warning about the dangers of large language models trained on awed data. As she’s pointed out, if we don’t shape the data that trains AI, it won’t just ignore our stories –it will overwrite them.

We undeniably need to teach machine learning, coding, and robotics, but without pairing these with critical thinking, ethics, creative problem-solving, and empathy, we’re just creating better tools rather than better outcomes.

The emphasis should be on teaching and guiding the machine rather than passively accepting what AI produces. AI systems require

AI

SYSTEMS REQUIRE THOUGHTFUL HUMAN OVERSIGHT TO REACH THEIR FULL POTENTIAL WHILE AVOIDING

HARMFUL CONSEQUENCES

thoughtful human oversight to reach their full potential while avoiding harmful consequences. It’s critical that we remain vigilant against allowing inaccurate information to construct an entirely new world narrative built on falsehoods and a scenario potentially more damaging than even a doctoral thesis relying solely on unchecked AI research.

It’s already happening. Prompted to generate images of CEOs, tools such as DALL-E overwhelmingly return images of white men. Nurses and ight attendants? Mostly women. What happens when an AI model trained on such patterns gets used to screen candidates for jobs, loans, or education?

These dangers take on new weight in an African context. When AI systems are built far from our realities and trained on Western data, by Western engineers, they ignore local nuance, language, culture, and history.

As Raesetje Sefala, a Johannesburg-based researcher at Gebru’s Distributed AI Research Institute (DAIR), has warned: “If it’s about AI for Johannesburg, they should be talking to the researchers here.”

Africa has come too far to allow AI to push people to forget their stories and make the world even more unequal. AI can’t replace human connection and nuanced understanding – unless we let it.

The ability to shape AI systems responsibly, to question what they produce, and to embed values into their design is what will truly futureproof young people. Without a collective effort to make certain that the right, meaningful information is available and that our stories are told authentically, some communities risk being written out of history altogether.

There is an urgent need for African governments, institutions, and innovators to invest not only in technical upskilling, but in the broader ethical and cultural stewardship of AI.

This means building local research capacity. It means challenging global tech monopolies. And it means asking better questions about whose data is being used, who bene ts, and who is being left out.

Because if we don’t ask these questions, AI will answer them for us.

from unemployment to opportunity

Building South Africa’s cybersecurity talent

Companies are betting on real-world exposure and human-focused training to close the skills gap, writes BRENDON PETERSEN

South Africa’s youth unemployment rate is alarmingly high. According to Statistics SA data, unemployment for youth between 15–34 in 1Q2025 is 46.1 per cent. Even among those employed, over half work in roles for which they lack formal quali cations, the data reveals. At the same time, Cybersecurity Ventures shares that the global cybersecurity industry is facing an unprecedented shortage of skilled professionals, with an estimated 3.5 million un lled positions worldwide. These gures – one signalling crisis, the other opportunity –represent two sides of the same coin.

Bridging that gap, experts argue, requires more than just traditional upskilling. It calls for a complete rethink of how digital capabilities are taught, contextualised, and applied.

“Digital literacy isn’t just about knowing how to use a computer,” says Kirsty Phaal, senior vice president of human resources at NTT DATA. “It’s about giving people the con dence and capability to operate in an environment evolving faster than the curriculum. The skills we teach today must be exible enough to evolve in 18 months.”

NTT DATA’s response starts early. Its Saturday School initiative introduces high school learners to science, technology, and leadership subjects, helping prepare them for matric and, more importantly, the working world. For young jobseekers, the Youth in Tech programme — run with YES4Youth — offers structured exposure to real-world business environments, from meeting stakeholders to learning how to network.

“It’s not just about technical competence,” says Phaal. “It’s also about developing creativity, adaptability, and the soft skills that employers look for; the things you only learn through experience.”

But technical training is just one piece of the puzzle. Another critical dimension, often overlooked in digital skills conversations, is behavioural readiness.

“Most cyberattacks don’t exploit systems — they exploit people,” says Anna Collard, senior vice president of content strategy at KnowBe4 Africa. “The human layer is still the weakest link in most organisations, and that’s where we need to focus more attention.”

KnowBe4’s cybersecurity programmes are designed with this in mind. Rather than a one-size- ts-all approach, the company uses behavioural science, storytelling, gami cation, and microlearning to reach employees across digital literacy levels. Its work with the MiDO Cyber Academy and the Cyber Power Girls initiative — which supported 150 underserved female learners in the Western Cape — blends cyber hygiene with life skills, personal development, and con dence building.

“When young women tell us they now feel like cybersecurity is something they can actually do, that’s transformative,” Collard says. “It’s not about fear — it’s about agency.”

Still, many organisations treat cybersecurity training as a compliance requirement rather than a cultural investment. According to KnowBe4’s research, while leadership teams often express con dence in their preparedness, frontline employees — particularly those outside traditional of ce

roles — frequently feel underinformed and unable to apply training to real-world scenarios.

This disconnect isn’t just a training aw. It’s a risk. “When training isn’t contextual, people might tick the box but still not know what to do in the moment,” Collard adds. “We need ongoing, relevant learning; not once-a-year modules or generic slide decks.”

The urgency is particularly acute in South Africa, where digital inequality compounds the challenge. Not everyone has equal access to devices, reliable connectivity, or the foundational education to engage with technical content. That’s why both NTT DATA and KnowBe4 have adopted localised, exible models that emphasise accessibility, inclusion, and relevance. “It’s about building a whole ecosystem,” says Phaal. “We’re not just teaching skills. We’re building pathways to employment — and, ultimately, economic participation.”

These programmes show that cybersecurity skills development is no longer just about plugging talent gaps in tech. In South Africa, it’s part of a broader conversation about inclusion, employment, and preparing a generation for a world shaped by rapid digital change.

As Phaal puts it, “The more we invest in human potential now, the more resilient and adaptable our workforce will be — not just for today’s threats, but for tomorrow’s opportunities.”

“DIGITAL LITERACY ISN’T JUST ABOUT KNOWING HOW TO USE A COMPUTER. IT’S ABOUT GIVING PEOPLE THE CONFIDENCE AND CAPABILITY TO OPERATE IN AN ENVIRONMENT EVOLVING FASTER THAN THE CURRICULUM.” – KIRSTY PHAAL

Privacy, Trust, and Personhood

As AI blurs the line between human and machine, personhood credentials offer a privacy-first way to verify identity online –restoring trust, security, and authenticity, writes CARRIE PETER , MD of Impression Signatures and Advocacy Committee vice-chair at the Cloud Signature Consortium

I is transforming how we live, work, and communicate. From intelligent chatbots to photorealistic avatars, the boundaries between human and machine interactions online are becoming increasingly blurred. What was once science ction is now mainstream. But as AI’s capabilities advance at breakneck speed, a vital question emerges: how do we verify that the person on the other side of the screen is, in fact,

This isn’t a hypothetical concern; it’s a fast-growing problem. AI-generated deception is rising, and current digital systems are failing to keep up. As we become more reliant on digital platforms for everything from work and education to healthcare and governance, the ability to prove we’re human online— securely, reliably, and privately—is becoming a cornerstone of digital trust.

A groundbreaking paper titled Personhood Credentials: Arti cial Intelligence and the Value of Privacy-Preserving Tools to Distinguish Who is Real Online proposes an innovative solution: personhood credentials (PHCs). These credentials would enable individuals to prove they are human without revealing sensitive personal data, and without necessarily relying on biometrics. It’s a bold idea that could reshape how we establish identity in an increasingly AI-saturated world.

Why now? The rise of AI-powered deception

The paper highlights two major trends in AI that are fuelling the urgency for better veri cation systems:

1. Indistinguishability: AI now has the ability to produce text, images, videos, and voices that are virtually indistinguishable from human-generated content. It can carry out conversations, generate fake social media accounts, and replicate the tone and mannerisms of real individuals.

2. Scalability: Unlike humans, AI can operate at scale. Malicious actors are now able to launch mass phishing attacks, misinformation campaigns, and impersonation schemes with minimal effort and at low cost. The result? A ood of deceptive content that overwhelms online platforms and erodes user trust.

A powerful example of this is the use of deepfake voice cloning in corporate fraud. In one notorious case, cybercriminals used AI to mimic a CEO’s voice and instructed an employee to transfer a large sum of money to a ‘trusted supplier’. The voice was so realistic, the employee complied, resulting in major nancial loss. What’s more alarming is how quickly this kind of technology is being democratised. What

once required sophisticated tools and expertise is now available to almost anyone with an internet connection.

The failure of traditional defences

Digital platforms have historically relied on tools such as CAPTCHAs to separate humans from bots. But these defences are becoming obsolete. Today’s AI can easily bypass image recognition puzzles, defeat voice veri cation tools, and outsmart algorithms designed to detect automated behaviour.

At the same time, more rigorous identity veri cation methods—such as submitting ID documents or biometric scans—often compromise user privacy. For millions of people around the world, especially those in under-documented communities, these systems can also be exclusionary.

What we need is a middle path, a way to con rm personhood that preserves both privacy and accessibility.

Enter PERSONHOOD CREDENTIALS

Personhood credentials (PHCs) aim to ll this gap. A PHC allows a user to prove they are human without disclosing who they are. It’s like ashing a badge that says, “I’m real”, without having to share your passport, ID number, or ngerprint.

PHCs can be issued by trusted entities –such as governments, universities, civil society organisations, or even decentralised networks. They are designed to be:

• Privacy-preserving: Users retain control of their data and identity

• Non-biometric: Avoiding the risks associated with facial recognition or voice prints

• Globally interoperable: Usable across platforms and borders

• User-centric: Easy to adopt and manage, regardless of tech literacy. These credentials would allow users to interact online – comment, transact, vote, or post – while ensuring that only real humans are participating. It’s a vital foundation for rebuilding trust in digital spaces ooded with synthetic activity.

The African opportunity

Take South Africa as an example. Despite being one of Africa’s most developed economies, South Africans require visas for 96 countries – a re ection of global distrust in local passport systems. This distrust trickles down into online ecosystems, affecting everything from ntech access to remote work opportunities.

PHCs could offer a way to leapfrog outdated systems, enabling Africans to access global digital services, apply for jobs, and build online reputations without needing to compromise their personal data or jump through bureaucratic hoops. For young entrepreneurs, freelancers, and creators across the continent, this could unlock massive economic potential.

Moreover, PHCs could play a role in strengthening democracy. In countries where digital voting, public discourse, or civic engagement happens online, ensuring that participants are real people, not bots or foreign trolls, is vital for legitimacy and trust.

Building a human-centric digital future

The core message is simple but profound: in the age of AI, authentic human presence online is no longer a given. We must build systems that can con rm realness – not just identity – while upholding human dignity and rights.

The road ahead will require global cooperation. Governments, tech companies,

In Africa, PHCs could be especially transformative. Across the continent, many individuals face hurdles when it comes to accessing digital services. From poor infrastructure to a lack of formal documentation, millions are excluded from online platforms that require conventional forms of identity veri cation. READ

civil society, and innovators must come together to establish standards and protocols for PHCs. These systems must be:

• Secure and tamper-proof

• Inclusive and accessible

• Decentralised and trustworthy

• Respectful of local contexts and cultures. As AI continues to evolve, the need to distinguish between human and machine will only become more urgent. Personhood credentials offer a promising path forward; a way to preserve authenticity, restore trust, and empower individuals in the digital world.

A call to action

This moment in history demands bold thinking. We are not just confronting new technologies; we are rede ning what it means to be human in a digital world.

In an era where AI blurs the lines between human and machine, ensuring that individuals can securely and privately assert their personhood online is not just a technical necessity but a fundamental human right. PHCs are not a magic bullet, but they are a crucial rst step. By adopting systems that are privacy- rst and people- rst, we can make sure the internet remains a space for genuine human connection, safe collaboration, and shared global progress.

Why cloud-first thinking beats cloud-only moves

While cloud adoption is now widespread in South Africa, only those organisations embracing a ‘cloud-first’ mindset are unlocking real value, says ZJAÉN COETZEE , CTO, Nexus Data

Cloud adoption is no longer a future consideration; it’s the current reality for most organisations in South Africa. Access is more widespread, and costs are more manageable than ever. But there’s a clear distinction between companies that have embraced a cloud- rst mindset and those that have simply moved workloads to the cloud. The former are scaling and innovating. The latter are stalling.

Why a ‘cloud-first’ approach matters

The difference lies in the approach. Organisations that have built systems natively for the cloud –and transformed the way they work – are unlocking agility, scalability, and innovation. They’re not just hosting apps in the cloud; they’ve rethought their operations, delivery models, and governance structures.

Cloud maturity isn’t about where your apps live. It’s about how well your organisation leverages cloud-native principles and modern operating models to drive value. This ‘cloud in name only’ approach rarely meets expectations.

Whether public or private, the cloud must be seen not just as a technical platform, but as a strategic enabler. When it’s used purely to cut costs – typically framed in opex vs capex terms –the bigger picture is lost.

On the other hand, poor implementation leads to bloated costs with little return, a trap many businesses still fall into. Without strategic intent and deliberate design, the full potential of cloud remains out of reach.

WHETHER PUBLIC OR PRIVATE, THE CLOUD MUST BE SEEN NOT JUST AS A TECHNICAL PLATFORM, BUT AS A STRATEGIC ENABLER.

Beyond technology: cloud as business strategy

Adopting a cloud- rst approach isn’t just about where data lives; it’s about rethinking how your business operates. It’s about putting innovation, agility, and customer-centricity at the centre of everything you do.

Cloud, done right, isn’t just an IT strategy. It becomes a business strategy.

From disjointed adoption to integrated execution

South African sectors such as nance, retail, and mining are accelerating cloud adoption, but often in a piecemeal, reactive fashion. Systems are moved without aligning teams, rethinking platforms, or modernising governance. The result? Minimal innovation, low agility, and wasted resources.

As we explored in our book Drive RAPPID Results from Data, many businesses are “working hard but achieving little”. This is especially true for cloud: implementation without alignment drains budgets, talent, and time. Cloud isn’t just a platform; it’s a foundation

for modern data analytics, automation, and AI. If organisations don’t shift from fragmented adoption to strategic transformation, they risk falling behind.

Architecture and governance: The foundations of cloud maturity

Mature cloud environments aren’t built by accident. They’re intentionally designed for scale, with modularity, automation, observability, and security built in.

Governance also plays a key role. Governance by design gives organisations the con dence to scale responsibly, with clear decision-making rights, guardrails, and room to adapt without disruption.

Cloud solutions should be selected not just for their technical brilliance, but for their ability to deliver measurable outcomes across the enterprise.

Cloud as an engine for innovation

With the right foundations, cloud becomes more than a hosting environment; it becomes an engine for innovation. Mature platforms allow for rapid testing, seamless scaling, and faster decommissioning of underperforming initiatives. This creates a culture of experimentation, improves transparency, and accelerates value. The true advantage of cloud is speed to value. But that speed only comes when cloud is approached as a strategic enabler, not merely a cost-containment tool.

A strategic lens for long-term impact

The RAPPID Value Cycle (introduced in Drive RAPPID Results from Data) offers a useful framework for assessing cloud readiness. Initially created for data strategies, it’s equally relevant to cloud. It shifts the focus from activity to outcomes, helping organisations align investment, delivery, and impact across the board.

Success in the cloud requires clarity of purpose, sound structure, and continuous alignment with shifting business priorities.

What comes next?

Cloud maturity is not a tech issue. It’s a leadership challenge. South African businesses need to stop reacting to disruption and start leading with intent. Cloud should be a lever for performance, resilience, and long-term growth.

The true cost of cloud

Balancing innovation, compliance and efficiency

As cloud adoption accelerates across South Africa, businesses are grappling with the complex economics of digital transformation, writes

TREVOR KANA

As digital transformation continues to reshape South Africa’s business landscape, the shift to cloud computing is no longer a question of ‘if’ but ‘how ef ciently’. While the bene ts of scalability, agility, and cost-effectiveness are well known, the cloud’s complexity warrants a deeper examination of its economics. This reality is more stark in today’s market conditions, characterised by rising operational costs, tightening regulations, global tariff wars and an urgent need for resilience.

Cloud efficiency in a cost-conscious market

“The business case for cloud is on top of everyone’s agenda,” says Jeremy Pather, head of product: ICT and Energy at Nashua.

“With the rising cost of infrastructure and utilities, cloud remains a viable option with ROI now taking broader topics into consideration. Many opt for hybrid approaches, balancing security and scalability through a mix of cloud and on-premise infrastructure.”

Banking on security and sovereignty

The hybrid approach is especially appropriate in sectors such as nancial services, where regulatory scrutiny and security standards are high. Local banks and ntechs have emerged as frontrunners in cloud innovation. They have embraced multi-cloud deployments to optimise performance and cost while maintaining compliance with key privacy regulations such as POPIA. Additionally, with data sovereignty top of mind, locally hosted data centres and automated governance controls are fast becoming non-negotiables.

“Adherence to security frameworks and regular reviews are essential to maintaining a sustainable cloud strategy,” says Pather.

“Businesses should balance the use of locally based data centres with robust access protocols, encryption, and automated compliance.”

The price of agility: understanding TCO

Cost transparency has also emerged as a key driver of effective cloud adoption. Left unchecked, cloud spend can balloon rapidly due to overprovisioning, inef cient architecture, or hidden costs.

“Cloud eliminates upfront investments in hardware and allows businesses to pay only for what they use,” explains Steven Ambrose, CEO of DR Insight. “But it’s essential to assess total cost of ownership, including subscription costs, training, and data transfer fees, especially in a skills-constrained market such as South Africa.”

This has led to the growing uptake of FinOps, a nancial operations approach that combines nancial accountability and cloud operations.

Solutions such as IBM FinOps and AWS Cost Explorer are giving South African rms increased visibility into resource usage, enabling performance-based decisions and tighter budget alignment.

From serverless to strategic

Organisations are also adopting workload-based cloud strategies, rightsizing their deployments, and increasing the use of serverless computing

to reduce infrastructure management overheads. “Serverless adoption is on the rise,” says Pather. “The value proposition is about focusing on what matters and reducing the burden of managing infrastructure while supporting agile operations.”

Sustainability in the cloud equation

Beyond economics and compliance, a less discussed, but increasingly critical, consideration is cloud sustainability. With South Africa’s lingering power constraints and increasing ESG expectations, some businesses are beginning to track the environmental impact of their digital operations. Cloud providers such as IBM and AWS offer sustainability dashboards to monitor carbon footprints and promote energy-conscious provisioning.

Mind the skills gap

Another underreported factor in cloud inef ciency is the skills gap. With a lack of adequate cloud knowledge, businesses may inadvertently overprovision resources or underutilise features, leading to nancial waste and security risks. In response, cloud providers are investing in cloud upskilling programmes to strengthen in-house capabilities.

Partnering for future-proof cloud

“South African organisations looking to future-proof must ensure they have a modern cloud strategy,” Pather notes. “Partnering with the right integrator is essential, especially as AI workloads increase GPU demands and cost pressures mount.” As businesses increasingly rely on the cloud to enable innovation, their ability to navigate its hidden costs, regulatory constraints and evolving capabilities will de ne their resilience in a volatile economy. Cloud computing may promise scalability and speed, but this is achievable when paired with strategic cost management, local compliance, and skilled execution.

Steven Ambrose

Jeremy Pather

where they are in the world. Many of these solutions also integrate effortlessly, so your CRM, PBX, storage and data backups are all linked. This all makes for happier, more ef cient and productive workplaces.

Add to this how simple the cloud is to scale. Gone are the days of waiting for a new line or additional storage to be physically installed; you can now do this with a click of a button.

Locking it down

The big switch

Moving to the cloud is like upgrading from a flip phone to a spaceship, writes NIC LASCHINGER , CTO, Euphoria Telecom

The ip phone was once considered a futuristic piece of technology, but compare it to today’s iPhone and it feels positively pre-historic. The same can be said of old-school, on-premises tech-like servers and PBX phone systems. Compared to new cloud systems, they’re clunky, expensive to maintain, and not very exible.

So, why haven’t all businesses switched to the cloud yet? In a nutshell, because it’s a big leap with lots of moving parts. But for businesses setting out on this journey, here is a roadmap to guide you along the way.

The cost conundrum: upfront vs. long-term savings

Switching to the cloud sounds expensive, and upfront, it can be. But you might be surprised when you break it down. As an example, a switch to a cloud server might rack up data transfer costs to move everything from a physical to a virtual server. But you’re immediately cutting your costs on electricity, maintenance and hefty hardware upgrade bills. When weighing up the nancial aspects, look out for sneaky hidden costs. Cloud PBX

providers, for example, may try to hide behind connection fees and complex billing structures like paying for a full minute when you only spoke for 32 seconds. But there’s nowhere to hide with per second billing – you only pay for what you use.

The real value of cloud tech

People often confuse cost with value. But value is more than just what you pay upfront. A switch to cloud means fewer system failures and frustrating downtime. It’s also more agile, so you can scale up or down easily to suit your needs.

But the big bonus lies in the way cloud technology supercharges big data analytics. The result? Smarter, faster business decisions, whether you’re tracking customer behaviour, analysing call reports or spotting fraud before it even happens.

Like yoga for your business

Cloud systems are simply more exible than on-premises ones, and they make your business more exible, too. Cloud-based productivity suites and phones give your teams the exibility to stay connected, no matter

It’s a myth that on-premises systems are safer than the cloud. All it takes is one employee and a phishing email to bring the whole organisation to its knees. Cloud, on the other hand, offers multiple layers of security, including encryption and multi-factor authentication.

That said, there are still risks that both you and your cloud security provider should be aware of. Your phone system, for example, operates on the same networks as your computers, so if one is breached, the other is at risk.

Mind the (skills) gap

Switching to full cloud systems will need new skills such as cloud architecture, DevOps and security and data governance. There is no getting around the fact that some of these are in short supply and expensive so, if you are making the switch, upskilling and retraining your existing people can be a smarter, more-cost effective solution.

Bear in mind that not every business is going to need full-scale cloud architecture. A small business can very easily get away with the tools and storage offered by productivity suites such as Google, Microsoft and Zoho, coupled with a decent phone system. The skills required to get the best of these can easily be acquired through supplier training and some online tutorials.

The big picture

Moving to the cloud isn’t just about having shinier, faster systems. It’s a strategic shift; a way to future-proof your business, cut down on inef ciencies, and get ahead of the competition. The companies that understand the nancial, security, and skills implications will nd themselves commanding their own spaceships instead of trying to hail one from their ip phones.