Evaluating cybersecurity governance challenges in South African fintechs

Abstract

This research paper examines the key drivers and challenges of cybersecurity governance within South African fintech companies. The study found that compliance and risk management are the primary drivers for cybersecurity governance in fintechs. Compliance is regarded as a core responsibility for cybersecurity personnel, with achieving compliance objectives being a critical success factor for operating in the payments industry. Additionally, cybersecurity governance is integrated into a broader risk management approach, as fintechs consider cybersecurity as critical to ensuring business continuity and safeguarding reputational risk. However, the study also found several challenges in implementing cybersecurity governance within fintechs. These include financial constraints, a shortage of cybersecurity talent, low perceived value of cybersecurity, and a lack of alignment between the cybersecurity function and the broader business. The study recommends that fintechs address these challenges by enhancing executive oversight on the cybersecurity function, adopting quantitative risk analysis frameworks, leveraging technology more effectively, and distributing cybersecurity responsibilities across the organisation.