Abstract
With the rapid advances in information communication technologies (ICTs), cyberspace has provided a platform for organisations to be progressively more innovative in their operations. As a result of this innovation, individual users within the organisations have become even more connected to the internet, with a concomitant increase in cyberattacks. This is particularly prevalent within public sector organisations. It is thus critical that cyber-security awareness is at the forefront of public sector organisations’ agendas. The study evaluates cyber-security awareness of South African state-mandated public sector organisations. As part of their mandate, these organisations are expected to lead by example. A questionnaire with open- and closed-ended questions was administered to individuals tasked with the responsibility for cyber-security in the state-mandated public sector organisations. Overall, the results demonstrate that state-mandated public sector organisations are not at the forefront of cyber-security awareness. Gaps are evident in terms of cyber-security management, and training. Promising to note was the information technology (IT) experience and expertise of individuals tasked to oversee cyber-security within these organisations. It is, however, recommended that IT departments should manage cyber-security and not the Human Resources (HR) departments. The results are not generalisable beyond the scope of this study. Nonetheless, the results provide various recommendations in terms of creating a culture of cyber-security awareness in state-mandated public sector organisations.