Speaker
Description
South African higher learning institutions manage complex, multi-campus environments characterized by fragmented IT portfolios and vast repositories of sensitive student, research, and financial data. Despite the mandatory enforcement of the Protection of Personal Information Act, which requires reasonable technical and organizational measures for data protection, many universities continue to operate with reactive security postures and inconsistent governance frameworks. This "cybersecurity-resilience gap" is particularly evident in the lack of formal strategies and internal controls necessary to ensure the confidentiality and integrity of personal information across varying levels of digital maturity. Current static policies are increasingly insufficient against evolving AI-driven attacks, necessitating a shift towards a centralised model that can balance global oversight with campus-specific risks. To address these vulnerabilities, this research proposes an AI-Enabled Adaptive Cybersecurity Governance model grounded in Dynamic Capabilities Theory and Socio-Technical Systems Theory. The model transitions institutional defence from static, manual oversight to a proactive mechanism by integrating AI-driven dynamic risk scoring, real-time anomaly detection, and automated compliance enforcement. Using a Design Science Research methodology and a pragmatic paradigm, the study develops a model that facilitates continuous monitoring of multi-campus assets while ensuring that security policies evolve alongside emerging AI-driven threats. The expected outcome is a validated governance model that enhances institutional resilience, bridges POPIA compliance gaps, and provides a scalable blueprint for resource-constrained universities to secure valuable academic data while ensuring operational continuity and international research competitiveness
Key words: Artificial intelligence, Cybersecurity, South African higher learning institutions, Governance, POPIA