According to INTERPOL’s 2025 Africa Cyberthreat Assessment, South Africa is one of the biggest targets for cybercrime on the African continent, with over 12 000 ransomware detections recorded in 2024. Key areas of attack include the financial sector and government institutions.
With this risk, business decisions need to be made with absolute confidence; that’s why it’s critical to work with a software vendor that prioritises security, process, and additional assurances to the highest standards. This blog explores five things you should consider when choosing a software vendor.
1. Independent verification: a quick way to ensure trust
Trust is crucial in any business relationship, and independent verifications ensure that a software provider meets key security standards. Clear examples of standards include ISO 27001:2022 compliance, a robust framework for security covering three areas:
- Confidentiality
- Integrity
- Availability
With an additional focus on supporting principles:
- Authenticity
- Accountability
- Non-repudiation
Compliance with additional standards, such as ISO 27017 for cloud security, provides peace of mind that your partner is following international best practices. Verifications, such as Amazon Web Services (AWS) Independent Software Vendor (ISV) Specializations certifications, can also signal a potential partner's level of maturity. While they are not wholly security certifications and do not meet the same level of criteria as ISO 27001 compliance, they do need to meet stringent security standards.
2. Robust policies mean safe partnerships
Security is more than just a set of procedures; it’s a fundamental mindset that should be held within a company’s culture and processes. Policies are a great way of understanding how a potential vendor views security.
Good mandates need to prove that the practices are repeatable and measurable. They need to be documented, and measures need to be in place to ensure that all employees are compliant.
Policies to look for include:
- Information security
- Access control
- Encryption and key management
- Secure development
- Vulnerability management
- Logging and monitoring
- Incident response
- Business continuity and disaster recovery
- Third-party risk
3. How proactive security keeps you safe
Effective security must be continuous, adaptive, and proactive. The best approach is to identify and neutralise issues before they become incidents.
Reliable partners will have ongoing monitoring that is visible on a public trust page. This demonstrates that they value transparency and think critically about their security. Prioritise partnerships that conduct scheduled and event-driven penetration testing to ensure they are prepared for as many potential threats as possible. They should also implement vulnerability management that uses CVE severity scores with clear remediation timelines.
Cybersecurity insurance is a must-have for any software vendor you partner with. If an event occurs, you need to be able to cover lost revenue and ensure your consumers are protected as well.
‘Onboarding a third-party software vendor is not a procurement decision. It is a security decision based on risk.’
- Ferdi Immelman, Electrum Chief Information Officer
4. Ensure each link in the chain is protected
Strong security is shared across the whole supply chain. When your vendors follow strict auditing and assurance standards for their own software services, it reduces your exposure and makes your overall environment more resilient.
A single vendor compromise can disrupt an entire value chain, as seen in the June 2024 CDK Global ransomware outage.
In June 2024, CDK Global, a provider of dealer-management systems to over 15 000 car dealerships, was hit by a ransomware attack. To contain the breach, CDK shut down its core systems twice, halting sales and service operations across North America. Investigators later linked a $25 million ransom payment to wallets tied to the attackers.
5. Why finance matters
A partnership is a significant investment, particularly when handling sensitive data. That means you need to be confident in your partner's ability to remain a going concern.
Reviewing their capital position and asset-to-debt ratios in their financial statements will give you assurance of a long-term partnership. Find out whether their Chief Financial Officer has experience scaling successful businesses.
Bonus tip: Electrum, a partner you can trust
Electrum adheres to industry best practices in all security measures and is committed to complete transparency in our client relationships. To ensure your peace of mind when working with Electrum, please visit our Trust page to view our policies and proactive approach for yourself.
Sam Ancer
Sam is a Product Marketing Writer at Electrum. He graduated from Wits University with an Honours degree in Creative Writing. He enjoys discovering the complexities and intricacies of payments and how they shape our world. When he is not reading and writing about next-generation cloud-native payments technology, he spends time with his wife and daughter.
