Abstract
This study evaluated the state of cybersecurity awareness in South African (SA) public sector organisations as well as the cybersecurity threats affecting these organisations. The study highlighted the importance of cybersecurity awareness as a means of minimising the impact of these threats, especially in the wake of increased cybersecurity attacks in recent years. With a particular focus on phishing, malware and ransomware attacks, the study emphasised the vital role of cybersecurity awareness initiatives in countering such threats. The study adopted a qualitative research methodology. Data was collected using a questionnaire research instrument, comprising open and closed questions. The data was gathered from individuals tasked with responsibility for cybersecurity in statemandated public sector organisations. The findings indicate that the majority of public sector organisations face cybersecurity threats through the use of the internet. The organisations use alternative mediums to notify their users of cybersecurity threats although this is not done consistently, which could leave users vulnerable. Cybersecurity awareness training was recognised as an initiative that could minimise the impact of cybersecurity threats, however, the lack of refresher training remains a concern for many public sector organisations. The fact that most public sector organisations lack formal cybersecurity policies means there is no policy direction, which hinders the effective implementation of cybersecurity initiatives.
M.Com. (Computer Auditing)