Graeme Millar, Managing Director, SevenC. While the external AI-powered attacks get most of the headlines, for many businesses, the bigger vulnerability is actually on the inside. Today, employees using AI tools without guardrails is a major security risk. For business leaders who are yet to question if their data is actually safe, it’s time to do so.This was the overarching message of SevenC's recent webinar, ‘Resilient by Design: Protecting your people and data in the age of AI’ in partnership with Veeam. The session was broken up into three clear topics. It started by outlining how AI is being used to target staff and why it’s essential to understand human risk exposure and to train staff more effectively. It went on to explore the risks associated with deploying AI across your business without the necessary controls and offered several questions organisations should ask to assess AI readiness. To close the session, attendees were given concrete next steps they can take immediately to mitigate threats and recover fast when it matters.To learn how you can protect your business, download the ‘Resilient by Design’ webinar recording here.Opening the webinar, Liesel Penaluna, new business development and account manager at SevenC, set the scene by stressing that security awareness can no longer be just another tick-box exercise. Instead, she said it should form part of the broader business strategy because, when it's not done well, the consequences can be significant.To mitigate modern risks, she suggested that businesses take a layered approach because the more layers of protection there are in place, the harder it is for threats to get through. According to her, human error remains the number one cause of cyber incidents year after year, which is why organisations must improve their approach to cyber awareness training. “It can’t be something generic that everyone has to attend once a year on a Friday afternoon because you may be ticking that compliance box, but the lesson isn’t being learned.”SevenC’s approach, she explained, starts with a gap-analysis questionnaire to identify each employee’s weaknesses and ensure their training starts where they need it most. This training must also be tailored based on their role. This content includes short two- to five-minute lessons that can easily fit into everybody's work schedule, with behaviour-triggered reinforcement training to build lasting habits. “The goal is to turn your staff into human firewalls,” she said. Beyond this, SevenC also offers dark web monitoring, scanning for stolen credentials before they can be exploited and policy management to ensure that users understand security policies.Field CTO for Veeam for EMEA, Ian Engelbrecht, went on to paint a picture of how complex it is for modern businesses to effectively manage and secure their data in the age of AI. Most organisations, he said, are building unstable foundations because they’ve deployed AI without really thinking about governance. Furthermore, they haven't taken the time to fully understand and accurately classify their data. “These businesses are racing to do whatever they can with AI without thinking about how data is being used and what it's being used for,” he said. The hidden risk here is dark data and shadow AI that exists outside of governance controls.Explaining why this is important, he noted that in 2021, the average organisation had to manage 10 identities per person. In 2026, that number has increased to 82 non-human identities to every single human. “This is a problem because these identities aren’t visible and aren’t being monitored and, thus, are more vulnerable to attacks,” he said.According to Engelbrecht, a unified approach is needed to manage agentic AI risks that brings together data security, identity and access management, AI and data resilience. The goal is to connect the dots so data provenance and lineage are clear and you can more effectively track how data systems evolve over time.Additionally, he advised that any business wanting to assess AI readiness should answer the following:Are we POPIA-aligned across all conditions for AI data processing?Are AI systems trained on diverse data with continuous bias testing?Can users understand how and why an AI decision was made?Is there a human in the loop at every critical decision stage?Are cyber security controls and risk assessments in place for AI?Do we have AI ethics training and upskilling programmes in place?Jacques Marais, sales and branch manager at SevenC, concluded the webinar by offering attendees a 30-day resilience starter plan and checklist. “This isn't a complicated project and doesn’t demand that you rebuild your entire security posture from scratch,” he said. “It's a practical two-track sprint that runs across four weeks. Week one is about assessment; week two is about closing the most urgent gaps and weeks three and four are about building and embedding good habits. The checklist is there for one reason: to make this usable, not theoretical. Whether you outsource it, run an in-house team or operate a co-managed model, you follow the same structure and can easily adapt to your environment.”Find out how SevenC Managed IT Services can design right fit solutions for your business of up to 500 employees – click here to connect with one of SevenC's IT specialists.* SevenC Managed IT Services is a 2026 Veeam Gold Partner.