Policies don’t stop attackers, but preparation changes outcomes, says Cyanre MD Professor Danny Myburgh.
Cyanre , a specialist in cyber resilience and incident response, will use its platform at the ITWeb Security Summit 2026 to challenge one of the most entrenched assumptions in cyber security: that policies alone can protect organisations from modern attacks.
Taking place at the Century City Conference Centre in Cape Town on 26 May and at the Sandton Convention Centre in Johannesburg from 2 to 4 June, the summit provides a platform for African security leaders to confront the realities of an increasingly automated and adversarial threat landscape. As part of its participation, Cyanre will deliver two sessions focused on the practical challenges of managing cyber incidents.
Cyanre associate director Lukas van der Merwe will present, a session grounded in decades of digital forensic and incident response experience. Cyanre’s message reflects a recurring pattern observed across real-world incidents: organisations often rely heavily on policies, frameworks and compliance activities, yet struggle when faced with the speed and ambiguity of an active breach. In practice, response effectiveness is rarely determined by documentation alone, but rather by how well teams have internalised processes and prepared for high-pressure decision-making.
Now in its 21st year, ITWeb Security Summit is Africa’s premier cyber security event. Under the theme: “Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap”, the 2026 summit will take place in Cape Town and in Johannesburg . A key theme in Cyanre’s sessions is the concept of practical readiness. During a cyber incident, particularly in its early stages, decisions must be made quickly with incomplete information.
The ability to act decisively in those conditions depends far less on referencing formal plans and far more on prior preparation, rehearsal and alignment across the organisation. This extends beyond technical teams. Cyanre highlights that incident response is inherently a business-wide effort, involving leadership, legal, communications and operational functions.
“When a breach occurs, it becomes a business event almost immediately,” says Van der Merwe. “How the organisation responds is shaped by clarity of roles, decision-making authority and leadership alignment long before the incident begins. ” The firm also challenges common assumptions about cyber risk. Modern attacks are increasingly automated and indiscriminate, targeting opportunity rather than specific industries or organisation sizes.
As a result, organisations of all types and scales are exposed, regardless of perceived maturity. At the same time, Cyanre cautions against equating security investment with resilience. While technology remains a critical enabler, the absence of operational capability can undermine even the most advanced toolsets, creating a false sense of security.
“Security is not defined by how much you spend, but by how effectively you can respond when something goes wrong,” adds Myburgh. Preparation, Cyanre argues, has a direct impact on how quickly an organisation can understand what has happened, stabilise its environment, and move towards recovery. This includes ensuring teams are aligned, decision pathways are defined, and trusted partners are in place before an incident occurs. Another focus area is decision-making under pressure.
Many of the most complex choices in a cyber incident, ranging from disclosure and communication to engagement strategies, carry legal, financial and reputational implications. Cyanre emphasises that these decisions should be addressed in advance, rather than for the first time during a crisis. The organisation also advises against reactive behaviour during incidents, such as engaging unfamiliar vendors or introducing new solutions under pressure. Instead, it encourages organisations to establish trusted relationships and response structures ahead of time.
Ultimately, Cyanre’s presence at ITWeb Security Summit 2026 reinforces the idea that cyber resilience is not achieved through policy alone. It requires deliberate preparation, practical experience and organisational alignment.
“Preparation requires moving the budget from ‘after’ to ‘before’,” Myburgh concludes. “Because when an incident happens, it’s already too late to build resilience; you’re simply testing whether it exists. ”Cyanre is a cyber resilience firm specialising in incident response, digital forensics, breach readiness and executive-level cyber crisis management. Working with boards, executive teams, legal counsel and insurers, Cyanre helps organisations prepare for, manage and recover from complex cyber incidents.
With experience across thousands of incidents over more than two decades, Cyanre’s approach focuses on real-world response dynamics, decision-making under pressure and aligning organisations to respond effectively when it matters most. ITWeb Security Summit 2026 will be held at Century City Conference Centre, Cape Town on 26 May 2026 and at Sandton Convention Centre in Sandton, Johannesburg from 2 to 4 June 2026.
Themed: ‘Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap’, the 21st annual edition of Security Summit will continue in its tradition of bringing leading international and local industry experts, analysts and end-users together to delve into the specific threats and opportunities facing African CISOs, security specialists, GRC professionals and anyone else who is responsible for securing their organisation from cyber-attacks.
Cyanre Professor Danny Myburgh Lukas Van Der Merwe Threat Landscape Incident Response Policy-Driven Security Thinking
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
KnowBe4 to showcase AI-native attack simulation and training product, twelfth AI agent at ITWeb Security Summit 2026The company will be available at the Cape Town and Johannesburg events to demonstrate the key benefits of the KnowBe4 security awareness training offerings.
Read more »
Why cyber defence is like an onionA military “Survivability Onion” framework helps companies cut security costs by terminating unnecessary systems and shrinking their attack surface, says Stitch's Barney de Villiers ahead of the ITWeb Security Summit.
Read more »
Citrix warns of rogue AI as enterprise attack surface growsThe company will discuss AI governance and zero trust at the ITWeb Security Summit 2026 in Johannesburg.
Read more »
Singularity Summit returns to inspire Africa’s future this OctoberGlobal thought leaders will return to Johannesburg in 2026 to explore AI, quantum computing, digital identity, and the next era of human potential.
Read more »