Sinoxolo Sisanda Hermanus
2024-09-16
2024-09-16
2023
https://hdl.handle.net/10566/16140

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyber environment and the assets of organisations and users. According to Utica University (2020), the rate of cybercrime has grown exponentially, consistent with the growth of technology. Additionally, due to the global Coronavirus Disease 2019 (COVID-19) pandemic, the cybercrime rate rose exponentially; Interpol (2023) states that with organisations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption. Cybersecurity has become significant nationally, not only within companies, but also within societies. This study analysed the factors that contribute to information systems security vulnerabilities in South African financial institutions, with a focus on areas such as cybercrime, investments in cybersecurity and challenges, as well as the preparedness of organisations to address cybercrime. The study adopted an interpretivist approach, hence the use of a qualitative methodology. Microsoft Teams-based interviews were used to collect data from participants at financial institutions; these were recorded and analysed using thematic analysis. Findings revealed that the adoption of technologies in firms introduces cybersecurity risks and that, as technology advances, new risks emerge; identified threats to organisations include third-party technologies and humans in the organisation. Participants mentioned phishing, insider attacks, and Distributed Denial of Service (DDoS) attacks as attacks usually experienced in organisations.
Moreover, the study found that knowing your assets, frameworks, standards, and protection of the Open Systems Interconnection (OSI) layers are strategies that financial firms adopt. Other strategies firms can implement include Identity and Access Management (IAM), data protection, detection systems, containment capabilities and incident response readiness, and cybersecurity training. However, the findings revealed that companies face challenges when implementing these strategies, including business buy-in, availability, budget, skills, resources, regulatory compliance, building playbooks, and effective use of technologies. Even though the companies have adopted strategies, improvement is still needed. Lastly, the study offers recommendations to improve information systems security controls in order to reduce information systems security vulnerabilities.

en
Information system security vulnerabilities: Implications for South African financial firms in Cape Town