Original Research

Exploring cybersecurity disclosure in South Africa

Laura F. Putter, Ruth Johnson, Nadia Mans-Kemp
South African Journal of Economic and Management Sciences | Vol 29, No 1 | a6133 | DOI: https://doi.org/10.4102/sajems.v29i1.6133 | © 2026 Laura F. Putter, Ruth Johnson, Nadia Mans-Kemp | This work is licensed under CC Attribution 4.0
Submitted: 18 February 2025 | Published: 12 January 2026

About the author(s)

Laura F. Putter, Department of Business Management, Faculty of Economic and Management Sciences, Stellenbosch University, Stellenbosch, South Africa
Ruth Johnson, Department of Business Management, Faculty of Economic and Management Sciences, Stellenbosch University, Stellenbosch, South Africa
Nadia Mans-Kemp, Department of Business Management, Faculty of Economic and Management Sciences, Stellenbosch University, Stellenbosch, South Africa

Abstract

Background: The coronavirus disease 2019 (COVID-19) pandemic resulted in the increased use of technology by companies. As such, corporate leaders started giving due attention to escalating cybersecurity concerns and disclosing such information to stakeholders in integrated reports to enhance legitimacy.
Aim: The authors investigated cybersecurity disclosures by selected South African companies that were most vulnerable to cyber threats before and during the COVID-19 pandemic.
Setting: Disclosures by selected Banking, Health care, Technology and Retail companies that were listed on the Johannesburg Stock Exchange (JSE) were analysed between 2017 and 2022.
Method: Content analysis was conducted on integrated reports. Three cybersecurity disclosure metrics were computed, namely disclosure presence (the number of keyword occurrences), disclosure level (coverage scores based on the unique keywords used relative to the total number of keywords) and disclosure volume (number of paragraphs comprising cybersecurity information). Significant differences for the three disclosure metrics were assessed for the overall period and between the considered years by conducting sequential analysis of variance (ANOVA) and Fisher’s least significant difference (LSD) analyses, respectively.
Results: The disclosure presence, level and volume of cybersecurity by sampled companies improved noticeably. Statistically significant differences were observed for the overall period for all three disclosure metrics. Most of the annual differences for cybersecurity disclosures were significant.
Conclusion: The sampled companies rapidly adopted and adapted their cyber-related practices and disclosures since 2020. The companies disclosed on key cybersecurity threats and the management thereof in their integrated reports to enhance their legitimacy.
Contribution: This study shows which cybersecurity matters received the most attention by the sampled JSE-listed companies in their integrated reports.


Keywords

cybersecurity; disclosure presence; disclosure level; disclosure volume; content analysis

JEL Codes

G34: Mergers • Acquisitions • Restructuring • Corporate Governance; M15: IT Management; O33: Technological Change: Choices and Consequences • Diffusion Processes

Sustainable Development Goal

Goal 9: Industry, innovation and infrastructure

Metrics

Total abstract views: 387
Total article views: 534


Crossref Citations

No related citations found.