THE STATE OF CYBER SECURITY 2025 – Top threats, emerging trends, and CISO recommendations
The 2025 State of Cyber Security report highlights key threats, including: The AI tactics that swayed a third of global elections through disinformation.
A 58% surge in infostealer attacks, focusing on corporate access.
Ransomware attacks shift from encryption to data exfiltration extortion, with Healthcare now the second most targeted.
Hybrid networks enabling lateral movement between on-premise and cloud.
Hardware and Software supply chains saw the highest attack surge attacks.
KING V CODE ON CORPORATE GOVERNANCE FOR SOUTH AFRICA (Draft)
The King V Code on Corporate Governance for South Africa establishes a comprehensive framework for ethical and effective leadership, emphasising integrated thinking and sustainable value creation within economic, social, and environmental contexts. It defines corporate governance as the pursuit of four main outcomes—ethical culture, performance, conformance, and legitimacy—through the actions of the governing body. Critical principles include ethical leadership, balanced governing body composition, clear delegation, and robust risk and compliance management. The Code advocates stakeholder inclusivity and responsible corporate citizenship grounded in Ubuntu philosophy, guiding organisations to create value for both themselves and broader society. Governance practices are structured around steering the organisation, approving policies, overseeing management, and ensuring accountability. The Code mandates an outcomes-based, “apply and explain” disclosure approach, allowing for proportional adaptation based on an organisation’s size and complexity. It addresses essential domains: ethics, strategy, reporting, risk, compliance, stakeholder management, information governance (including emerging technologies like AI), assurance, and remuneration. Organisations are encouraged to implement leading practices, foster diversity and competence, and ensure independent oversight of committees, with transparency and continuous evaluation central to its application.
Beyond Ethics: The Strategic Economics of Digital Trust
Digital trust is fundamentally the belief that digital technologies and organisations will act securely, ethically and transparently, building stakeholder confidence that enables greater economic growth and resilience. Organisations that excel in digital trust practices—such as robust cybersecurity, ethical data usage and transparent processes—see tangible benefits including increased consumer loyalty, reduced risk, and enhanced market reputation. Recent consulting and research findings show that even a small increase in digital trust can significantly boost GDP per capita and business growth. However, the digital trust gap—differences in perceived versus actual trust in digital platforms—can impede innovation and market development, leaving societies vulnerable to cybercrime and undermining the value created by digital transformation.
In practice, embedding digital trust within strategy, risk and audit functions fosters lasting economic advantage, as strong trust environments lower transaction costs, encourage innovation and ensure higher rates of digital adoption.
Case Study: Digital Trust and Public Service Transformation in Uganda
Uganda’s digital transformation, guided by the Digital Uganda Vision, has revolutionised public service delivery by introducing secure digital IDs, e-services, and mobile platforms that simplify access for citizens and businesses (DPI Africa, 2025). These initiatives have increased efficiency, reduced corruption, and enabled greater financial inclusion and healthcare access through digital channels. A robust focus on digital trust—incorporating security, transparency, and citizen education—has been essential to widespread adoption and impact (PwC, 2024). Despite ongoing challenges like limited internet penetration and cybersecurity risks, Uganda’s experience illustrates how digital trust empowers inclusive growth and social progress (World Bank, 2024).
The Power of Possibility: Transitioning from Deterministic to Stochastic Thinking for Strategic Risk Professionals
Stochastic thinking in risk management acknowledges uncertainty and the role of probability in shaping outcomes, moving beyond the single-scenario focus of deterministic models (EV, 2020; Investopedia, 2025). Embracing stochastic approaches enables risk professionals to simulate a spectrum of possible futures, quantify likelihoods, and enhance forecasting, scenario planning, and stress testing (PreventionWeb, 2021; GARP, 2023). This mindset delivers deeper insight for strategic decisions, supports resilience, and equips organisations to navigate today’s complexity and volatility more effectively than deterministic methods alone (Milliman, 2022; Perplexity, 2025).
Shifting Mindsets: How Mental Models Bridge the Executive–Risk Manager Divide in Quantitative Risk Analysis
This article explores how mental models can empower executives to integrate quantitative risk analysis into strategic decision-making. By translating complex statistical data into relatable concepts, risk professionals bridge the gap between executive intuition and analytical risk management. The use of mental models helps demystify probabilities, foster robust strategic conversations, and strengthen executive understanding of uncertainty and potential impact. Best practices include using tailored narratives, visual aids, executive education, and continuous feedback, all aimed at embedding quantitative risk thinking within board-level strategy. Ultimately, this approach builds a resilient, risk-informed leadership culture that turns uncertainty into opportunity.
Case Study: Transforming Strategic Decision-Making in a South African Financial Services Group – Leveraging Mental Models for Quantitative Risk Analysis
This case study examines how a major South African financial services group transformed its approach to risk management by leveraging mental models to improve executive engagement with quantitative risk analysis. By mapping executive mindsets, using scenario planning, and translating statistical outputs into business-centric stories, the organisation bridged the gap between technical risk management and strategic decision-making. This process resulted in more data-driven, resilient, and agile leadership, with improved resource allocation and risk-informed culture. The experience highlights the critical value of mental models, cross-disciplinary dialogue, and scenario-based learning within the African context (Roberts, 2022; IRMSA, 2025; Kahneman, 2011).
From Box-Ticking to Boardroom Strategy: Elevating Risk Management for Modern Organisations
Decision-centric risk management integrates risk analysis into all strategic and operational decisions, enabling organisations to anticipate threats and opportunities, thus driving value and resilience. By contrast, compliance-centric risk management focuses on adherence to laws, regulations, and internal policies, prioritising the avoidance of breaches over strategic enablement. While both approaches safeguard the organisation, the decision-centric model is proactive and dynamic, embedding risk into business strategy and innovation, whereas compliance-centric methods may foster a checkbox mentality. Leading organisations combine both, ensuring compliance forms a foundational baseline while decision-centric practices drive growth and competitive advantage.
From Registers to Results: Embedding Risk as a Driver of Decision Quality
Risk management often fails leaders because it is applied as an isolated process, generating static registers and qualitative reports disconnected from real decision-making needs. Organisations must embed risk management within decision quality disciplines, prioritising cultural and contextual foundations before quantitative analytics. Approaches like Pelorus Insights' COURSE™ framework and the Risk Capability Pyramid™ demonstrate how integrating risk into strategic choices—and using robust quantification—enables actionable, fit-for-purpose insights that drive confident, resilient decisions in uncertainty (AuditBoard, 2025; PECB, 2025; Pelorus Insights, 2025).
King V Code on Corporate Governance for South Africa 2025
King V sets out an outcomes-based corporate governance code for South Africa focused on ethical culture, sustainable performance and value creation, prudent control and legitimacy within the organisation’s economic, social and environmental context. It defines universally applicable principles supported by flexible, proportional recommended practices rather than rigid rules, under an “apply and explain” disclosure regime. The Code emphasises ethical and effective leadership, integrated thinking, responsible corporate citizenship, stakeholder inclusivity and robust oversight of risk, technology, remuneration, assurance and stakeholder relationships to support long-term systems value creation.