The world of cybersecurity is in a constant state of flux, and the latest report from Rubrik highlights a critical issue: the surge in cyber risk among small and medium-sized enterprises (SMEs) as they embrace digital transformation. As AI tools become increasingly embedded in business operations, the gap between AI adoption and cybersecurity maturity is widening, and SMEs are feeling the heat. Lloyd Timcke, Regional Director for Africa and Israel at Rubrik, warns that this gap is a major concern, especially in South Africa, where the country is among the leading AI adopters on the continent. With an adoption rate of 21.1% by late 2025, South Africa is making strides, but the security infrastructure is lagging behind.
The Growing Gap Between AI and Cybersecurity
Timcke points out that while South Africa is embracing AI, the security infrastructure is not keeping pace. According to Microsoft's AI diffusion research, cloud computing adoption sits at around 61%, AI at 55%, and cybersecurity at just 44%. This disparity is a cause for concern, as it means that businesses are accelerating into a technology-rich future without the necessary safety architecture. The result? A situation where AI is driving efficiency, but also increasing risk exposure.
SMEs in the Crosshairs
SMEs are particularly vulnerable to this issue. As they digitize their operations, they often lack the internal systems, skills, and controls needed to manage emerging risks effectively. Every new AI tool deployed creates vulnerabilities that require informed people to manage, and right now, those people are in short supply. The nature of cyber threats has also shifted, with identity forming the primary attack surface. Criminals are using stolen credentials to gain access rather than attempting to breach perimeter defenses directly, especially in cloud and hybrid environments.
Practical Steps for SMEs
So, what can SMEs do to address this issue? Timcke suggests focusing on fundamentals rather than complex security architectures. Controlling access to systems and regularly reviewing and revoking permissions is crucial, especially when employees change roles or leave the company. Multifactor authentication across all business systems, not just email, is a basic but highly effective safeguard against credential-based attacks.
Establishing clear internal guidelines for AI usage is also essential. Companies should define which tools are permitted, what data can be used, and how outputs should be validated before use in business processes. Additionally, understanding and testing recovery capabilities, including the response to a cyber incident in the first 24 hours, is vital.
Looking Ahead
As South Africa's SME sector continues to digitize rapidly, with AI adoption expected to expand further across industries, Timcke cautions that without parallel investment in cybersecurity skills, governance, and recovery planning, the gap between adoption and readiness will persist. The challenge is clear: businesses must bridge this gap to ensure their digital transformation is secure and sustainable.
In my opinion, this issue highlights the need for a comprehensive approach to cybersecurity, one that involves not only technical solutions but also a focus on training and awareness. As AI becomes more integrated into our lives, we must ensure that the necessary safeguards are in place to protect our data and systems. The future of cybersecurity depends on it.
