Globally, the time between a network intrusion and data theft has dropped to around 72 minutes , down from 285 minutes in 2024. For South African organisations, which recorded a 60 rise in data breaches in the first half of 2025 alone, that shrinking window is fast becoming an impossible one to close. Justin Lee, Regional Director for Southern Africa at Palo Alto Networks , shares his insights.
This poses a specific challenge to the public sector, where the Cabinet-approved Roadmap on the Digital Transformation of the South African Government is accelerating toward a centralised MyMzansi platform. South Africa has made significant strides in digital governance, climbing to 40 th place in the most recent UN e-Government Index, but as digital ambitions grow, so does the attack surface.
Research from Unit 42, Palo Alto Networks' threat intelligence division, drawing on more than 750 major incidents across 50 countries, suggests the primary driver of breaches is not attacker sophistication. In 87 of investigated cases, responders had to piece together evidence from two or more separate systems, meaning fragmented defences, not novel techniques, are enabling most attacks.
