South African Companies Recorded a 60% Rise in Data Breaches – Here’s Why IT Security Isn’t Enough
A collaborative perspective from IS³ and CSI³
¹In the first half of 2025 alone, South African companies recorded a 60% rise in data breaches.
²Digital banking fraud incidents had risen 86% in 2024. And yet, the conversation in boardrooms is still firmly anchored in IT security: firewalls, endpoint protection, zero-trust architecture.
Necessary, but increasingly insufficient.
The attack surface has expanded well beyond what a CISO’s dashboard shows. And the organisations that understand this first will be the ones that remain operational when others don’t.
What the Converged Enterprise Actually Looks Like
Financial institutions today run on three overlapping technology layers.
Engineering technology — is the layer that designs, models, and governs the built environment and industrial systems that underpin operations. It’s the bridge between the physical and digital worlds that is often the least visible layer in financial services.
Runs the physical world: the power management systems keeping your data centres cool, the building automation, the control systems behind your ATM network infrastructure, and so much more.
Manages data, transactions, and connectivity. It’s well-governed, well-funded, and well-understood. It’s where most of the security investment goes.
Let me explain.
Target systems that use operational and engineering technologies (incl PLC, HMI, SCADA) in financial industry are:
- Smart ATM and Cash Processing Networks
- Building Automation Systems (BAS) & HVAC for Data Centres
- Physical Security & Access Control Infrastructure
- Banking of Things (BoT) Technologies
- High-Frequency & Algorithmic Trading Engines
- Agentic AI & Quantitative Modelling Systems
In banking IT, the supreme guiding principle is the CIA Triad:
- Confidentiality first
- Integrity second
- Availability third.
In critical industrial environments (OT/ET), the priority is entirely inverted to the AIC Triad: Availability is king, followed by Integrity, with Confidentiality a distant third. As the IT, ET and OT layers have converged, a vulnerability in a corporate IT email phishing scam can bridge the gap into the OT network, altering the ET logic. To protect converged infrastructure, you need an integrated approach that respects that a cyber risk is seamlessly tied to an operational uptime risk. Air gapping is no longer practical.
Where IS³ Fits Into This Picture
For decades, IS³ has worked at the intersection of IT, OT, and ET — in environments where the stakes of getting it wrong are immediate and physical. For example, in mining, an unplanned production stoppage can cost millions, and in power and utilities, a compromised control system can affect entire regions.
Over time, industries like these have built a discipline of connected operational intelligence. Not IT security bolted onto OT systems. But a unified view of how technology layers interact, where the vulnerabilities live at the seams between them, and how to maintain uptime and resilience even in hostile environments.
The underlying challenge for financial services isn’t much different: complex, converged technology environments where failure in any one layer can cascade across all three.
IS³ brings the same operational intelligence framework to financial services that keeps critical industrial infrastructure running. The tools are proven. The methodology is battle-tested.
The Conversation Continues at the Saxon

These questions don’t have simple answers. They require peers in a room, sharing what’s working, what isn’t, and what the horizon looks like from where each of them sits.
That’s the premise behind Discover-X. This is an IS³ invitation-only executive intelligence experience, taking place on 21 July 2026 at The Saxon, Johannesburg.
Designed for senior leaders navigating the complexity of connected, converged enterprises, Discover-X brings together decision-makers from across industries, including banking and financial services, to explore AI, cyber security, connected operations, and enterprise intelligence. This isn’t a vendor showcase. It’s a peer-level conversation.
FAQs
What is cyber resilience in financial services?
Cyber resilience in financial services is the ability to monitor, respond to and recover from cyber incidents while maintaining critical operations. As data breaches and digital banking fraud continue to rise, organisations need resilience across IT, OT and ET environments.
Why does IT security alone no longer provide sufficient protection for banks?
IT security remains essential, but IT, OT and ET environments now share networks, data flows and infrastructure. This convergence can create governance blind spots and expose organisations to risks that extend beyond traditional IT systems.
How can financial institutions improve resilience across IT, OT and ET environments?
Financial institutions can improve resilience by gaining visibility across IT, OT and ET environments, strengthening governance, managing cyber risk across critical operations and adopting a connected operational intelligence approach.
Why is visibility across IT, OT and ET environments important?
Visibility across IT, OT and ET environments helps organisations identify risks, improve resilience and maintain operational continuity. As these systems become increasingly interconnected, a lack of visibility can create governance blind spots and expose critical operations to cyber and operational risks.
Please note that Discover-X is a curated, invitation-only experience. Submitting your registration is the first step. Our team will be in touch to confirm your attendance.
- Source: LexAfrica, South Africa’s Data, AI & Cybersecurity Outlook 2026 (February 2026) / IT-Online, March 2026.
- Source: South African Banking Risk Information Centre (SABRIC), Annual Crime Statistics 2024. Digital banking fraud incidents rose 86% year-on-year to 97,975 cases, with gross fraud losses of R1.888 billion.
- Source: FSCA & Prudential Authority, Joint Standard 2 of 2024 — Cybersecurity and Cyber Resilience Requirements.