As deepfake scams and identity-based attacks emerge as leading cyber threats in 2026, organisations must strengthen employee awareness and identity security to build a human firewall against evolving cyber risks.
Image: Supplied
South African businesses are facing a new generation of cyber security threats as artificial intelligence becomes more deeply embedded in the workplace, with new research revealing that nearly two thirds of employees believe they could be fooled by an AI generated scam.
The findings, published by digital workforce security company KnowBe4, highlight the growing risks posed by deepfake technology and the widespread use of unapproved artificial intelligence tools across organisations.
According to the report, 86% of South African employees believe AI generated voice and video content has become so realistic that they no longer know what information they can trust. At the same time, 63% admitted they would be unlikely to recognise a deepfake attack in the workplace.
The study also found that AI adoption is outpacing corporate oversight.
Nearly two thirds, or 64%, of South African organisations reported that artificial intelligence is being used without proper governance or approval, creating what the report describes as "Shadow AI", where unsanctioned AI systems operate without organisational oversight.
The report found that 38% of South African cyber security leaders said autonomous AI agents are already performing tasks independently within business workflows.
However, many organisations have yet to establish the governance structures needed to manage the technology safely.
Anna Collard, Senior Vice President of Content Strategy and CISO Advisor at KnowBe4 Africa, warned that organisations are entering a new phase of cyber security where both employees and AI systems have become potential targets.
"Cybersecurity has entered a volatile phase where organisations are trying to secure a hybrid human and AI workforce that's changing more quickly than security leaders can keep up," Collard said.
"Attackers are moving at machine speed, using attacks such as deepfakes to target employees and prompt injections to hijack AI agents. Leaving more than half, 64%, of your corporate AI usage ungoverned is a massive open invitation to threat actors."
The research points to human behaviour as one of the biggest vulnerabilities.
More than six in ten cyber security leaders, or 62%, reported that mistakes made during routine daily work had the greatest impact on their organisations' cyber security over the past year.
Employees themselves acknowledged the challenge. Nearly 60% admitted that workplace distractions and time pressures often cause them to make security mistakes, even when they know the correct procedures.
The report also highlighted the growing popularity of unofficial AI tools in the workplace.
More than one third of employees, or 35%, admitted they would source their own AI applications if approved options were unavailable or too restrictive.
At the same time, 48% of cyber security leaders said the use of unauthorised software and AI applications had negatively affected their organisations' security posture during the past 12 months.
Despite these challenges, the report found that many businesses are beginning to improve their cyber resilience. While 64% of organisations reported modest improvements in their cyber security maturity, only 14% have achieved what KnowBe4 describes as the "gold standard", where organisations have fully integrated strategies to manage both human and AI related cyber risks.
Less than half of cyber security leaders, just 46%, said they felt very well prepared to deal with emerging AI driven threats over the coming year.
The report also found that organisations achieving the strongest cyber security outcomes were those that had embedded security into their workplace culture rather than treating it purely as a technology function.
Among these organisations, 95% of employees said they felt comfortable reporting mistakes without fear of blame, helping businesses identify and respond to threats more quickly.
Collard said building a stronger security culture would be essential as AI continues transforming workplaces.
The report concluded that organisations need to design systems that encourage secure behaviour, create supportive workplace cultures and move beyond measuring employee failures by instead reinforcing positive security practices across both human employees and AI systems.
As artificial intelligence becomes an increasingly common part of daily business operations, the findings suggest that South African organisations face a growing challenge not only in managing the technology itself but also in ensuring employees know how to use it safely and responsibly.
Follow Business Report on Facebook, X and on LinkedIn for the latest Business and tech news.