FSCA Cybersecurity Regulations: What South African Businesses Need to Know Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience Requirements the Financial Sector Conduct Authority (FSCA)

Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience Requirements 

The Financial Sector Conduct Authority (FSCA), in collaboration with the Prudential Authority (PA), introduced Joint Standard 2 of 2024 to enforce cybersecurity best practices across South Africa’s financial sector  

Key Requirements Include: 

• A documented cybersecurity strategy aligned with business goals. 

• Regular vulnerability assessments and penetration testing. 

• Incident response plans and breach notification protocols. 

• Third-party cybersecurity compliance

  
  

Effective Date and Compliance 

The regulation took effect on 1 June 2025, applying to banks, insurers, retirement funds, and other financial institutions. Non-compliance may result in penalties and reputational damage

Cybersecurity as a Competitive Advantage 

Investing in cybersecurity not only ensures compliance but also creates business value. It builds customer trust, supports secure innovation, and positions companies as leaders in digital resilience

Global Trends that are reinforcing Cybersecurity

The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights how geopolitical tensions, emerging technologies, and supply chain interdependencies are intensifying cyber risks Meanwhile, Gartner identifies trends such as GenAI-driven data security, machine identity management, and cybersecurity burnout as critical challenges for business leaders 

Forbes emphasizes the convergence of networking and security through frameworks like SASE (Secure Access Service Edge), which enhance performance and protection in cloud-first environments 

Cybersecurity: A Strategic Business Priority 

According to Iain Wadds, founder of Barefoot Cyber, cybersecurity in 2025 is not an IT issue. As digital transformation accelerates, organisations are increasingly exposed to cyber threats such as data breaches, ransomware, and sophisticated attacks. To safeguard their assets and maintain trust, businesses must treat cybersecurity as a strategic priority 

Why Cybersecurity Matters for Business Growth 

1. Protecting Business Continuity and Reputation 

Cyber incidents can disrupt operations, damage brand reputation, and lead to financial losses. A single breach can cost millions and erode customer trust. Companies must invest in cyber risk management to ensure resilience and continuity.  

2. Enabling Secure Digital Transformation 

With the rise of cloud computing, remote work, and AI-driven systems, businesses must secure their digital assets. Cybersecurity enables innovation while safeguarding sensitive data and intellectual property  

Real-World Example:  

South African Airways (SAA) experienced a cybersecurity incident on Saturday, 3 May 2025, which affected its website, mobile application, and internal systems. 

In response, the airline promptly activated its disaster recovery and business continuity protocols to minimize disruption. To investigate the incident, SAA has engaged independent digital forensic experts to determine the origin and extent of the breach, which is suspected to involve external cybercriminal activity. The airline has also reported the matter to the State Security Agency (SSA), the South African Police Service (SAPS), and the Information Regulator, in compliance with the Protection of Personal Information Act (POPIA). 

As we navigate the Fourth Industrial Revolution, organisations must recognise that cybersecurity is no longer optional, it’s a strategic necessity. With digital transformation accelerating, the risks of cyberattacks, data breaches, and ransomware are growing by the day. 

Now is the time to prioritise your cybersecurity strategy and build robust, future-ready programmes. Partnering with experienced cybersecurity firms can help you identify vulnerabilities, mitigate risks, and protect your most valuable assets. 

Secure your business before it’s too late. 

Contact us at Sales@barefootcyber.com to get started.