South Africans long ago learned that relying solely on the police is not enough. The response has been the rise of private security, with officers now outnumbering police and forming a parallel safety infrastructure for households and businesses.
A similar shift is now emerging in the digital economy.
As generative AI accelerates fraud, deepfakes and synthetic identity attacks, experts say organisations must move beyond traditional cybersecurity governance and adopt a layered, pre-emptive threat detection architecture, effectively creating a form of “digital private security”.
“The analogy is quite clear,” says Professor Clifford Shearing, criminologist and governance expert at the University of Cape Town.
“In the physical world, societies realised that policing alone could not manage complex risk. Private security evolved as a complementary infrastructure,” he explains. “We are now seeing the same shift in digital environments, where pre-emptive monitoring and intervention become essential components of institutional safety.”
The irony inside boardrooms
“Many executives already understand layered security in their personal lives. Corporate leaders live in homes protected by alarms and private security patrols,” says Matt Renirie, founder of Certified AI Access and a former Morgan Stanley executive. “Yet many organisations still lack equivalent digital protection.”
Recent projections from Deloitte estimate that generative AI could enable fraud losses of up to $40-billion annually by 2027, driven largely by synthetic identity scams and deepfake impersonation attacks.
In response, Renirie adds that large financial institutions are beginning to invest heavily in AI-based threat detection systems.
“JPMorgan Chase has reportedly expanded its use of advanced fraud detection technology, a move analysts say strengthened customer trust and added hundreds of millions of dollars in brand value as the bank positioned itself as a leader in digital security,” he says.
The lesson he notes, for other organisations is clear: security infrastructure is no longer simply a compliance requirement. “It is a brand and customer-retention strategy.”
Governance alone is no longer enough
Governance frameworks alone are unlikely to keep pace with rapidly evolving AI capabilities. Researchers including Yoshua Bengio and Geoffrey Hinton have warned that institutions must treat AI risk as a systemic infrastructure challenge rather than a purely regulatory issue. Criminologist Benoît Dupont has described this shift as the evolution of cybersecurity from reactive defence to “anticipatory security”.
A layered security stack
Renirie says the most effective response lies in adopting a layered security architecture.
“This includes identity verification systems, behavioural analytics, deepfake detection and real-time monitoring tools capable of identifying synthetic media before it reaches customers,” he says. “Such technologies are increasingly being deployed by financial institutions to monitor voice channels, video interactions and digital identity verification processes.”
The approach he adds, mirrors the layered logic of private security: multiple defensive systems working together to prevent incidents before they occur.
Consumers as the first line of defence
At the same time, consumers themselves are becoming part of the security equation.
Renirie believes this shift will ultimately reshape the relationship between companies and their customers. “Consumers are going to start asking their banks and insurers direct questions,” he says. “Do you have systems in place to detect AI impersonation? Do you monitor synthetic media attacks? How are you protecting me?”
Trust as the ultimate asset
For Shearing, the broader implication is that trust itself is becoming a form of infrastructure in the digital economy.
“When people lose confidence in the systems they rely on, institutions become fragile,” he says. “Building resilient forms of trust is therefore not simply a technical challenge. It is a governance and institutional design challenge.”
“In an era where reality itself can be fabricated by machines, companies that proactively protect their customers may find that security becomes one of their most valuable assets,” he concludes. “Much like the rise of private security, the organisations that move first are likely to define the standard others must follow.”