The world’s largest cybersecurity company says it will continue expanding in South Africa as AI-driven attacks intensify, putting the continent’s digital infrastructure under growing global pressure.
“Africa is at the crossroads between the West and the East,” said Helmut Reisinger, Palo Alto Networks CEO for Europe, the Middle East and Africa (Emea).
He said the continent’s strong growth makes it an attractive investment, but as IT capabilities expand, exposure to global cyberthreats is rising, increasing the need for AI-driven security automation.
Founded 20 years ago, Palo Alto is the world’s largest pure-play cybersecurity company, with a market capitalisation of about $120bn (R1.9-trillion). The company has major research and development centres in California and Israel, and recently completed a $25bn merger with identity security platform CyberArk, bringing its workforce to 20,000.
According to ESET’s bi-annual “Threat Report”, in the latter half of 2024 South Africa was Africa’s most targeted country for cyberattacks, accounting for over 40% of ransomware and nearly 35% of infostealer incidents, with phishing comprising 34% of attacks.
Reisinger highlighted growing threats, including nation-state attacks, with Palo Alto’s “Shadow Campaigns” report finding 37 countries and over 75 institutions exposed to large-scale data exfiltration.
Attackers are leveraging AI quite heavily, and it also tells me that the barrier of entry for attacks are actually reduced
— Haider Pasha, Palo Alto VP and chief security officer for Emea
He also noted that criminal hackers are using AI to accelerate attacks, cutting the time from compromise to data theft from nine days to one on average, with the fastest cases taking 72 minutes.
“Cybersecurity needs to be first. It needs to be real-time. It’s not good enough to detect six days later or 10 days later. Cybersecurity needs to be highly automated,” he said.
Haider Pasha, Palo Alto vice-president and chief security officer for Emea, said zero-day attacks are soaring, with new attempts rising from around 2.3-million a day in 2024 to 8.95-million in 2025.
Pasha said AI is accelerating attacks. Customised ransomware can now be created in as little as 25 minutes, and a third of new vulnerabilities are exploited within 24 hours.
Identity-based attacks, which compromise usernames, passwords and other sensitive data, were involved in 90% of cases, and the machine-to-human identity ratio is expected to rise from 82:1 to thousands-to-one.
“Attackers are leveraging AI quite heavily, and it also tells me that the barrier of entry for attacks are actually reduced,” Pasha said.
This warning comes as a recent AI-enabled attack saw a hacker exploit Anthropic’s Claude chatbot to target multiple Mexican government agencies, stealing 150GB of sensitive data, including tax, voter and employee records between December 2025 and January 2026.
We see everything that the rest of the world sees. Africa doesn’t have its own version of the internet
— Justin Lee, Palo Alto’s regional director for sub-Saharan Africa
Pasha emphasised that defending against AI-driven attacks requires using AI itself, particularly agentic AI, semi- or fully-autonomous systems that can perceive, reason and act with minimal human input. He said nearly 70% of Palo Alto’s customers have reduced their mean time to detect and respond to threats to under 15 minutes using AI.
A recent BCG report also found 94% of CEOs plan to continue investing in AI in 2026, reflecting a trend of prioritising speed and agility in threat detection over immediate return on investment.
Justin Lee, Palo Alto’s regional director for sub-Saharan Africa, said African organisations face the same global threats as elsewhere.
“We see everything that the rest of the world sees. Africa doesn’t have its own version of the internet,” he said, adding that companies are grappling with how to protect themselves locally using the same international tools at an affordable, Africa-specific scale.
To address pricing and complexity challenges, Lee said Palo Alto offers its platformisation model, helping companies consolidate multiple security tools in stages.
Globally, organisations juggle an average of 83 solutions from 29 vendors. Adriaan Joubert, Palo Alto’s technical solutions manager, said platformisation creates “a single data lake, a single place where we can have all the data, so we can build automation”, helping to reduce the grunt work for security analysts and save five to 10 hours a week.
Samuel Mokoena, chief information security officer of Sibanye-Stillwater, said platformisation also lessens the workload for analysts and partners by filtering through the many alerts, ensuring critical issues are not overlooked.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.