📋 Cybersecurity Relevance
The Companies Act operates in a governance environment where directors are expected to exercise appropriate care, skill and diligence, while companies must maintain reliable statutory records and communications. In practice, that responsibility increasingly depends on trustworthy systems, accurate electronic records and secure digital channels. From a cybersecurity perspective, this makes external risk visibility, electronic record integrity, secure communications and governance-friendly evidence important parts of responsible company oversight.
🧾 Overview
Name: Companies Act
Act no: 71 of 2008
Effective Date: 1 May 2011
Type: Mix (Rules-based with principle-guided governance)
Regulator: Companies and Intellectual Property Commission (CIPC)
Purpose: Provides for the incorporation, registration, organisation and management of companies in South Africa, aiming to encourage transparency, accountability, and corporate governance.
👥 Who Does This Affect?
Direct Applicability:
All companies incorporated or registered under this Act, including profit and non-profit companies, state-owned entities, private companies, and public companies. [Section 8]
High Impact On:
Public companies, state-owned enterprises, private companies, directors and company officers, auditors, and company secretaries.
📋 Key Requirements Relating to Cybersecurity
The key Companies Act cyber governance considerations relate to director oversight, company record integrity, electronic communications and the evidence used to support responsible governance decisions.
- Duty of Directors to Act with Care and Skill: Directors must act with the degree of care, skill and diligence that may reasonably be expected of a person carrying out the same functions [Section 76(3)(c)].
- Retention of Company Records: Companies must keep accurate records, in electronic or physical format, as part of their statutory obligations [Section 24].
- Access to Company Records: Stakeholders have rights to access certain records, which must be maintained in a manner that supports timely and secure access [Section 26].
- Secure Electronic Communication: Documents or notices transmitted electronically must be in a form that allows printing and does not mislead or reduce delivery probability [Section 6(10)–(11)].
⚠️ Consequences of Non-Compliance
Financial Penalties:
The Companies Tribunal may impose administrative fines for breaches, including non-compliance with record-keeping or disclosure requirements [Section 175].
Criminal Penalties:
False statements, reckless conduct, or interference with enforcement processes may attract criminal liability [Section 214].
Regulatory Consequences:
The Commission may issue compliance notices or refer serious breaches to court [Sections 171–174].
Reputational Harm:
Trust in an organisation and its brand can be significantly damaged, leading to the potential loss of customers, contracts, and licence eligibility.
✅ How ARMD.digital Supports Cybersecurity Compliance Efforts
Product:
What it does:
Provides a safe, non-invasive external vulnerability scan of your public digital footprint, highlighting security weaknesses that may be visible to attackers.
How it supports compliance:
- Supports director oversight: Helps directors and management identify externally visible cyber exposures that may create operational, reputational or governance risk [Section 76(3)(c)].
- Safeguard Access to Records: Strengthens the perimeter against breaches that might affect access to or integrity of electronic records [Section 24].
- Mitigate Exposure of Electronic Records: By identifying internet-facing vulnerabilities, CyberProfiler helps reduce the risk of unauthorised access to company records stored electronically [Section 24].
- Protect Availability of Online Records: Supports business continuity by flagging exposed systems that may compromise the availability of electronic disclosures or filings [Section 6(11)].
Product:
What it does:
Supports DMARC implementation and monitoring to help reduce domain spoofing risk, improve outbound email trust, and move safely towards enforcement.
How it supports compliance:
- Secure Electronic Notices: Enhances the authenticity of company communications, reducing the risk of misdelivery or impersonation in electronic notices [Section 6(10)].
- Protect Stakeholder Communications: Reduces the risk of fraud and impersonation in communications sent under the company name [Section 6(10)].
📚 Additional Resources
- South African Government: [Companies Act 71 of 2008 → link]
- Companies and Intellectual Property Commission (CIPC): [Companies Amendment Regulations 2023 – Beneficial Ownership → link]
(Links verified and active as of May 2026)