In the ever-evolving landscape of cybersecurity, the rapid advancement of AI tools has cast a spotlight on a critical issue: the widening gap between AI adoption and cybersecurity maturity, particularly among small and medium-sized enterprises (SMEs). As AI becomes increasingly embedded across business operations, concerns are growing that cybersecurity readiness is not keeping pace, leaving SMEs vulnerable to emerging risks. This is a pressing issue that demands attention, and Rubrik, a silver sponsor of the ITWeb Security Summit 2026, is shedding light on this critical topic.
Lloyd Timcke, Regional Director for Africa and Israel at Rubrik, highlights a concerning trend: while South Africa is among the leading AI adopters on the continent, its security infrastructure lags behind. According to Microsoft's AI diffusion research, South Africa recorded an adoption rate of 21.1% by late 2025, the highest in Africa. However, when examining the security infrastructure beneath this adoption, the picture becomes far less flattering. Across sub-Saharan Africa, cloud computing adoption sits at around 61%, AI at 55%, and cybersecurity at just 44%. This disparity is particularly concerning, as it indicates that we are accelerating into a technology-rich future without the safety architecture to match.
SMEs are particularly exposed to these risks. Every new AI tool deployed by an SME creates vulnerabilities that require informed people to manage, and right now, those people are in short supply. The nature of cyber threats has shifted significantly, with identity now forming the primary attack surface. Criminals are increasingly using stolen credentials to gain access rather than attempting to breach perimeter defenses directly, particularly in cloud and hybrid environments. The growing use of AI agents and automation tools introduces additional complexity, as these systems often operate with their own digital identities and access rights.
In my opinion, this raises a deeper question: how can we bridge the gap between AI adoption and cybersecurity maturity? One thing that immediately stands out is the need for SMEs to focus on fundamentals rather than complex security architectures. Controlling access to systems and ensuring permissions are reviewed regularly and revoked when no longer needed is crucial, especially when employees change roles or leave the company. Multifactor authentication across all business systems, not just email, is a basic but highly effective safeguard against credential-based attacks.
What many people don't realize is that establishing clear internal guidelines for AI usage is essential. Companies should create an AI usage policy before they need one, outlining which tools are permitted, what data can be used, and how outputs should be validated before use in business processes. Understanding and testing recovery capabilities, including how they would respond in the first 24 hours of a cyber incident, is also crucial.
Looking ahead, South Africa's SME sector will continue to digitize rapidly, with AI adoption expected to expand further across industries. However, without parallel investment in cybersecurity skills, governance, and recovery planning, the gap between adoption and readiness is likely to persist. In my view, this highlights the need for a comprehensive approach to cybersecurity that addresses the unique challenges faced by SMEs in the digital age.
In conclusion, the widening gap between AI adoption and cybersecurity maturity is a critical issue that demands attention. As AI becomes increasingly embedded across business operations, it is essential to ensure that cybersecurity readiness keeps pace. By focusing on fundamentals, establishing clear guidelines for AI usage, and investing in cybersecurity skills and governance, SMEs can better protect themselves against emerging risks. The future of cybersecurity depends on our ability to bridge this gap and create a safer digital environment for all.
