The centrality of cybersecurity to socioeconomic development policy: A case study of cyber-vulnerability at South Africa’s Transnet

Abstract

Using South African state-owned enterprise (SOE) Transnet as a case study, this article explores the factors that influence the cybersecurity risks that are posed to infrastructure, with implications for markets and society, by advanced computational systems. We studied the legislation and corporate governance decisions leading up to the July 2021 breach of Transnet’s IT network, a high-profile event with potential cascading consequences. We also examined the evolution, since the country’s transition to democracy, of the South African government’s approach to fostering a developmental state. The findings illustrate that cybersecurity policy needs to be a core dimension of contemporary South African socioeconomic development policy, necessitating a central role for the developmental state in creating trusted marketplaces and procuring suitable security software systems. The findings also underscore the reality that a failure to act against increasing cyber-threats constitutes a substantial risk to the functioning of the South African market. Based on the findings, this article argues for a close examination of how the cybersecurity performance of South African SOEs can be improved. While focused on South Africa, the findings are relevant to other countries seeking to integrate robust cybersecurity measures into their national logistical and infrastructural sectors.