From Market Entry to Secure by Design: Shaping Africa's Digital Defense with Chris Norton
- Juan Allan
Chris Norton analyzes South Africa's cybersecurity growth, common threats like phishing, and critical skills in demand. Essential insights for businesses entering emerging markets.

What if the true benchmark for cybersecurity maturity in an emerging market isn't just defense, but its seamless integration into hyper-growth business strategy? To test this, we spoke with Chris Norton, a leader who has spent 25 years pioneering market entry and building revenue in Sub-Saharan Africa's most challenging environments.
With a background in distribution and channel dynamics, and a career spanning leadership roles at seven global vendors including IBM, VMware, and Dell EMC, Norton specializes in turning complex conditions into commercial opportunity. Now, as General Manager for Sub-Saharan Africa at Kaspersky, he applies this lens to cyber resilience.
In this interview, he dissects South Africa's threat evolution, the operational hurdles from skills gaps to remote work, and why the shift from "more tools" to "secure by design" is critical for any business aspiring to grow sustainably in the region.
Interview with Chris Norton
How has the cybersecurity industry in South Africa grown in recent years?
The cybersecurity industry in South Africa has grown because the risk has grown, and because the IT environment has become harder to defend. South African organisations have expanded their digital operations through cloud adoption, hybrid work, and greater mobility, which increases flexibility but also widens the attack surface. The industry response has been a steady shift from “more tools” to better visibility, consolidation and automation. Security leaders are increasingly focused on converging endpoint, network, email, and cloud telemetry into a centralised detection and response system, so teams can correlate signals and contain incidents faster.
At the same time, South African practitioners are showing an increased interest in “secure by design” approaches, moving security earlier into development and architecture rather than treating it as a bolt-on. A recent Kaspersky study found that 88% of South African cybersecurity professionals surveyed are familiar with Secure by Design, and many believe inherently resilient systems are achievable. Skills constraints are also shaping the market. Companies increasingly lean on managed service providers and managed detection and response to access specialist cybersecurity capacity and 24/7 monitoring.
What are the most common cybersecurity threats faced by South African businesses today?
Phishing remains the most significant threat because it is cheap, scalable, and effective against busy humans. Kaspersky notes that phishing is the dominant attack type in the region, with 67% of South African businesses reporting incidents.
Ransomware also remains a critical concern, increasingly targeted and persistent, and frequently linked to initial access gained through phishing, exposed systems, or stolen credentials. Kaspersky Incident Response data also highlights common entry points such as public-facing applications and compromised valid accounts, which map directly to what defenders see in South Africa when identity and configuration controls are weak.
Beyond that, the local threat landscape is being shaped by infostealers, password stealers, spyware, banking trojans and backdoors. AI is also raising the baseline risk, enabling more convincing fraud, phishing pages, and impersonation content, which makes detection and user scepticism harder.
What challenges do companies in South Africa face when implementing strong cybersecurity measures?
The first challenge is the operational reality. Many businesses run fragmented toolsets, manual processes, and reactive controls, which create alert fatigue and policy enforcement gaps. When security teams cannot see the entire environment in one place, containment slows, and attackers have more time to move laterally or stay hidden. That is why consolidated visibility and automation matter, but consolidation itself is a hard organisational change.
The second challenge is people. A recent Kaspersky survey shows that only 46% of professionals surveyed in South Africa reported receiving training on digital threats, even though many breaches trace back to human error and social engineering. This gap becomes more dangerous as scams get more sophisticated, including deepfake and impersonation risks where confidence can outpace competence.
The third challenge is capability and cost. Skills shortages are a recurring constraint, especially for SMBs, which pushes many organisations toward managed service providers for specialist support. Even with awareness of stronger approaches like Secure by Design, adoption can be slowed by standardisation and cost hurdles.
How has the rise of remote work affected cybersecurity risks in South Africa?
Remote and hybrid work have expanded the attack surface as more work now happens across cloud platforms, home networks, and personal devices. This flexibility comes with a price. Cloud security depends heavily on correct configuration and identity controls, and misconfigurations plus stolen credentials remain major weaknesses. Mobility adds another layer of exposure, mainly where personal smartphones are used for work without effective security controls.
Remote work also amplifies human-factor risk. Employees are more exposed to phishing, supplier impersonation and urgent-payment scams, and half of the South African respondents in Kaspersky research encountered scams disguised as internal or supplier messages in the past year. Critically, training is not consistently kept up to date: secure remote work was one of the topics employees specifically wanted more training on, alongside passwords, email, and protecting confidential data.
Finally, the fraud layer is getting more convincing. Deepfake-enabled impersonation and AI-generated scam content are becoming increasingly common in the threat landscape, raising the risk that remote approvals, voice-based verification, and “quick decision” workflows will be exploited.
What skills are most in demand in the South African cybersecurity job market?
The market is hungry for people who can reduce complexity and speed up response, not just people who can run yet another tool. That means strong detection-and-response skills across endpoints, the cloud, email, and networks, plus the ability to correlate telemetry in centralised XDR environments and automate initial actions such as isolation and containment.
As compromised accounts and stolen credentials are major entry points, identity and access management competence is also a priority. Multi-factor authentication, identity governance, and zero-trust thinking are becoming core operational skills, not “nice to have” security architecture concepts.
Threat intelligence and incident response maturity are also in demand, especially as cyber attackers stay in environments longer and advanced persistent threats drive a growing share of high-severity incidents. This blends into risk and resilience skills: organisations are being pushed to treat “time from first signal to isolation” as a measurable KPI, and to run regular incident simulations.
How is the South African government supporting cybersecurity awareness and regulation?
South Africa has established the National Cybersecurity Policy Framework that combines legislation, oversight institutions, and public awareness initiatives. It sets national priorities for cyber resilience, incident coordination, and skills development.
On the regulatory side, several laws shape cybersecurity obligations. The Cybercrimes Act criminalises offences such as unlawful system access, data interference, cyber fraud, and extortion, and places reporting and evidence preservation duties on service providers and financial institutions. The Protection of Personal Information Act (POPIA) requires organisations to safeguard personal information and report data breaches, with the Information Regulator increasingly active in enforcement and compliance monitoring. The Electronic Communications and Transactions Act provides further provisions around information security and network integrity. In parallel, financial regulators have introduced mandatory IT governance and cybersecurity standards for financial institutions.
Institutionally, the national Cybersecurity Hub acts as South Africa’s CSIRT, coordinating incident response, sharing threat intelligence, and running national awareness campaigns. Government departments also conduct public and public-service training initiatives on online safety, phishing awareness, and safe data handling, supported by regular vigilance communications.
Skills development is another focus, with the government recognising the national cybersecurity skills shortage and promoting education and training programmes in collaboration with industry and academic partners. International cooperation further supports alignment with continental and global cyber norms.