Protecting South African businesses is a collaborative effort that depends on the right partnerships, technology, and expertise.
At the recent ITWeb GRC 2025 event at The Forum in Bryanston, Stiaan de Waal, South Africa country manager at DataGroupIT, and Neil Cosser, regional sales director, Cybersecurity products at Thales, unpacked Thales’ acquisition of Imperva and how the merger has created a powerful, end-to-end defence for protecting data and all paths leading to it.
“Our collaboration started around fifteen years ago with an Imperva contract focused on application and network security across sixteen African countries. The Thales acquisition of Imperva has rounded off that offering and strengthened what we take to market,” said De Waal.
“When Thales acquired Imperva, we gained not just technology but also a very capable partner in DataGroupIT. Our technology has expanded beyond appsec (application security) and netsec (network security) to what we call ‘protecting your data and all paths to it.’ Data is the fuel of every business, and every route to that data must be secure,” Cosser said.
Both leaders noted that the collaboration brings together the right people, expertise, and presence to address a growing market across the continent.
GRC broader than IT and cyber security
Governance, risk and compliance (GRC) is essential for every business seeking ethical integrity, reputation protection, and sustainable growth. While technology is a critical enabler, de Waal cautioned that it cannot stand alone. Decision-makers should first assess and strengthen the maturity of their business processes before relying on technology.
“If you take broader risk management within businesses, it’s not limited to IT and cyber security. Enterprise operational risk, audits on third-party suppliers – very relevant today – and business resilience, as examples. If your business processes are not mature, you first need to fix that. GRC is a journey, not a product you can buy. Obviously, you can start within IT and cyber security to protect your company data and reputation, and that’s where Thales adds big value, but it’s much broader than that,” he said.
Cosser added that GRC spans the entire business, and there’s a growing need for tools that help monitor, measure, and manage operations effectively.“The market does not have a lot of technology in that space today – that’s an emerging requirement. What it does have is technology that can enforce GRC and compliance regulations and mitigate risk. The challenge is that it’s often not directed or managed in a way that addresses the risks highlighted by GRC reports – so instead of buying new technology, it’s about repurposing what you already have to get real value,” Cosser said.
Stiaan de Waal, SA country manager, DataGroupIT.
Emerging technology: risks and opportunities
De Waal said emerging technologies like artificial intelligence (AI) are putting business leaders under pressure, testing cyber resilience and readiness, but they also present opportunities.“AI can be a real advantage if used responsibly. We’re seeing AI-driven threat management and tools that help map business processes against regulatory changes,” he said. “At the same time, companies need to get ahead of regulation, limit public use of uncontrolled AI and ensure that local AI models keep data within a protected environment.”
He added that partnerships with global technology leaders will continue to strengthen as local providers assist businesses with regulatory compliance and third-party risk management.
Both de Waal and Cosser believe that 2026 will bring continued technology consolidation and a sharper focus on using technology intelligently, especially as regulatory compliance becomes more demanding.
Cosser pointed to quantum computing as a signal of how rapidly technology is advancing. “Things are evolving much faster than anyone expected,” he said. “Six months ago, experts predicted that the first quantum computer capable of breaking encryption would appear around 2030,” he said. “Now, we’ve already seen a system process data fast enough to do that, five years ahead of schedule. It was only stable for twenty seconds, but the reality is we’re already there. The question is now how we stabilise and secure that environment.”
He warned that businesses can easily become paralysed by the pace of change. “There’s a real risk of analysis paralysis. The key is to identify what you can see, understand what you can’t yet see, and take practical steps to strengthen your environment,” said Cosser.
De Waal agreed, adding that collaboration and foresight will remain essential.“As threats evolve and regulations tighten, partnerships like ours will continue to play a vital role in helping businesses stay compliant, secure, and ready for what’s next.”
Through their collaboration, DataGroupIT and Thales continue to deliver a unified approach to data protection, helping South African organisations protect their data – and every path to it – in an increasingly complex and threat-driven digital world.
