CISOs Under Pressure: Veeam Retreat Highlights Strategic Shift for South African Cybersecurity Leaders

South Africa’s cybersecurity leaders are facing mounting pressure in an environment defined by rapid digital transformation, regulatory tightening, and boardroom misalignment. This was the dominant theme at Veeam Software’s exclusive two-day CISO Retreat in Magaliesburg, which brought together Chief Information Security Officers (CISOs), Chief Risk Officers (CROs), Chief Compliance Officers (CCOs), and Chief Technology Officers (CTOs) to reflect on their evolving role.

Held under the theme: “The CISO’s strategic shift – from IT security to business enabler,” the retreat emphasized the need for CISOs to evolve beyond technical guardians to become strategic partners in governance, resilience, and value creation.

Resilience Must Outpace Risk

In a thought leadership session led by Andre Troskie, EMEA Field CISO at Veeam, and Ian Engelbrecht, Team Leader & Manager of Systems Engineering for Africa, the discussion focused on “Governance in the Age of Resilience: Leading Through Uncertainty.”

“We’re trying to empower businesses to adopt emerging tech and transform efficiently. But we also have to defend against ever-evolving threats,” said Troskie. “CISOs today must juggle legal, technical, and risk backgrounds while speaking the language of the board.”

As regulatory pressure mounts, particularly in financial services and the public sector, resilience is no longer optional. Engelbrecht emphasized the growing weight of incident disclosure regulations, especially for publicly listed companies, which must report material cybersecurity incidents within four days.

“Without proven resilience frameworks, organisations risk being seen as negligent,” said one participant. “ISO 27001 is no longer enough—we must prove that our processes are working, continuously.”

Boardroom Disconnect and Cultural Readiness

Participants agreed that board-level understanding of cyber risk remains limited, particularly regarding the geopolitical dependencies and digital supply chain vulnerabilities facing South African companies.

MC Rodney de Koch, digital evangelist and board advisor, framed the issue succinctly:

“As resilience shifts from reactive recovery to proactive adaptability, governance must align leadership, culture, and risk frameworks.”

CISOs are now expected to elevate cyber discourse to the boardroom, not only as a compliance requirement but to protect business continuity and customer trust.

Stronger Controls and Public Sector Oversight

Roundtable discussions explored how financial services governance models could be adapted across the public sector, with the Auditor General’s role in oversight seen as crucial.

The CISO Control Framework emerged as a central tool in driving internal control and maturity in resilience—a requirement not just for audits but to avoid liability under stricter global benchmarks.

Visibility, Metrics and Value

Participants also stressed the importance of metrics-based reporting, enabling CISOs to demonstrate not only risk reduction, but business value. As threat environments become more complex, visibility and real-time data will be the differentiators in executive decision-making.

“CISOs must stop being seen as blockers,” said Engelbrecht. “We’re not just keeping the lights on—we’re enabling smart, safe innovation.”

Need to Know: Why This Matters for South African Organisations

• New regulations now mandate public disclosure of major cyber incidents within four days.

• Governance gaps between tech teams and boards can result in fines and reputational damage.

• CISOs must move from technical gatekeepers to strategic business enablers, backed by metrics, visibility, and clear frameworks.

{Source: ITWeb}

Follow Joburg ETC on Facebook, Twitter , TikTok and Instagram

For more News in Johannesburg, visit joburgetc.com