The South African digital landscape has reached a critical juncture, with the country facing a dramatic increase in cyber threats targeting its critical infrastructure, financial systems, and personal data privacy. As the adoption of technology increases across sectors, so does the sophistication of cybercriminals in finding vulnerabilities to leverage. This has consequently raised the demand for robust cyber security measures, and both the government and private sector are increasing efforts to strengthen digital defenses.
According to Craig Rosewarne, Cyber-Security Expert and Managing Director of Wolfpack Information Risk, the cyber threat landscape in South Africa requires a multi-faceted approach. He explains that companies, governments, and vulnerable communities face different but interlinked risks. Companies are increasingly being held accountable for their third-party suppliers’ cyber-security standards, with large enterprises requiring compliance with ISO 27001 certification. South African banks, for example, have emulated the likes of Nigeria by setting high cyber-security thresholds before granting licenses to financial institutions. Yet, public institutions and local communities continue to be ideal destinations for cyber-terrorists due to the minimal nature of their IT investments, coupled with general lack of cyber awareness.
The government response to the situation is driven by Department of Communications and Digital Technologies (DCDT). Tlangelani Manganyi, Media Relations Officer at DCDT, outlined key developments in South Africa’s National Cyber-security Strategy. Guided by the National Cyber-security Policy Framework (NCPF) of 2015, multiple agencies like the Cyber-security Hub and the ECS-CSIRT under the State Security Agency (SSA) are operational. While the Cyber-security Hub focuses on public engagement and education, ECS-CSIRT manages incident response and threat intelligence. The Cybercrimes Act, 2020, operationalised on December 1, 2021, further promotes this legislative framework insofar as consolidating cybercrime laws and thus introducing new offenses dealing specifically with the manipulation of data, digital messaging, and the abuse of networks.
Phetolo Phatsibi is a Media Relations Practitioner at the Council for Scientific and Industrial Research (CSIR) and spoke highly of the role technology played in the country’s strategy in cyber-security. The CSIR’s Information & Cyber Security Centre has designed a Cyber Early Warning System, which is an inexpensive device aimed at detection and prevention in the early stages of such cyber-attacks.
“Secondly, the Virtual Security Operations Centre under the same ICSC offers technical assistance and incident response to both the private and public sectors.
“The partnerships with the SMMEs form part of the bigger strategy by South Africa to enhance local cyber security capabilities and reduce overdependence on imported solutions,” Phatsibi said.
In the case of the financial sector, the stakes are higher. According to Ntshiki Maluleka, the Head of Media and Communications at the South African Banking Risk Information Centre, digital banking fraud is on the rise, with schemes like phishing and “Facebook fraud” causing significant losses for South African banks. Enhanced transaction monitoring systems have been implemented to detect unusual activity, and consumer awareness campaigns have been launched
to educate users about safe banking practices. However, Maluleka is the first to admit that consumer confidence has taken a hit, especially with social media platforms becoming a breeding ground for fraudulent schemes.
Private sector businesses are equally at risk from cyber threats. For instance, Gift Chawasarira, the Chief Financial Officer at National Funeral Undertakers Investment Company-NAFUICO, narrates how phishing scams and hacking into accounts have inflated the operating costs of his organization. Against these threats, NAFUICO has implemented general IT controls like access restrictions, encrypted devices, and system audits. Recently, the company hired a Chief Technology Officer to consolidate its cyber security policies and decrease dependence on external consultants. According to Chawasarira, the costs of cyber security disproportionately affect smaller firms, which have limited resources to manage advanced threats.
The Cybersecurity Hub has played a critical role in terms of public education; and it is led by the Ministry of Communications and Digital Technologies which provides a number of the Ministry’s initiatives to gain in building cyber security awareness amongst the citizens. Amongst these interventions included the development of a Cybersecurity Schools Toolkit for teachers, parents, and learners according to the Ministry of Communications and Digital Technologies Spokesperson, Kwena Moloto. This initiative aims at equipping young South Africans with the knowledge to identify and mitigate online threats. Further, the Hub launched a Cybersecurity Toolkit for SMMEs, in collaboration with the Information Regulator. This provides hands-on guidelines on securing business systems, training staff, and responding to cyber incidents.
The private sector response to South Africa’s cyber security crisis has been dynamic and multi-pronged. Companies are investing in sophisticated technologies such as AI-powered threat detection, biometric verification, and data encryption tools. Rosewarne further emphasised that training and awareness programs are very important, and Wolfpack Information Risk has provided cyber security training to a number of South African financial institutions and also some regional banks across Africa.
“Awareness is key to combating cybercrime,” said Rosewarne.
He further commented that vulnerable communities, in particular, such as NGOs and schools, are easily targeted as they usually lack the IT capacity to defend themselves. Wolfpack supports such communities with pro bono services and educational resources-including the book “Cyber Crime Self Defense”-which informs the public about the many different types of online scams and how to protect oneself.
Financially, cybercrime is seriously affecting the economy of South Africa. It has been estimated by the CSIR to cost R2.2 billion annually. A TransUnion 2024 analysis of suspected digital fraud rates in 19 countries found that South Africa ranked eighth, with 4.9% of all online transactions suspected of being fraudulent. The worst-hit sectors were in telecommunications, financial services, and online communities. Synthetic identity fraud, where fraudsters create identity using real personal information, has increased by 153% over the past year. In addition, SIM-swap fraud and phishing scams are becoming increasingly worrisome; phishing alone cost South Africans R200 million in 2023 — a 50% increase from 2022, according to SABRIC.
Fraud in public institutions has also exposed South Africa’s cyber security gaps. SASSA and the Department of Home Affairs incidents have recently shown just how vulnerable these kinds of organisations are to data breaches. Government systems, which can sometimes house a great deal of sensitive data, are, according to Rosewarne, being targeted in ransom-ware attacks. He said,
“It is an emerging threat, not only in the private sector but also in the public sector. The government is under immense pressure to protect the critical information infrastructure, as these kinds of attacks are growing in frequency and sophistication,” said Rosewarne.
Under the leadership of President Cyril Ramaphosa, some measures have been put in place to improve the cyber security framework in South Africa. These include:
Legislative measures
In June 2021, the President signed the Cybercrimes and Cybersecurity Act into law. The new law brings in additional breach reporting requirements for organizations, as the country attempts to match global standards in cyber security.
National cyber security strategy
It has adopted a national cyber strategy and created a military Cyber Command, but for many years, competing priorities have rivaled it for the top spot: corruption, poverty, and racial injustice.
Challenges and expert opinion
Yet despite these initiatives, experts identify persistent shortcomings. In a report, the Carnegie Endowment for International Peace describes the cyber strategy under Ramaphosa as “limited progress” and a “low priority”. The report suggests that foundational steps have been taken, but much more comprehensive and prioritised efforts are necessary to effectively address cyber security threats.
Furthermore, the country lacks cyber security experts, which hinders its efforts in effectively combating cyber threats.
The bottom line is that while the administration led by President Ramaphosa has taken crucial legislative and strategic steps toward ensuring cyber security, according to experts, more prioritisation and resources are needed to pump in if it is to meet the changing face of cyber threats head-on.
Looking ahead, proactive measures, collaboration, and capacity-building will define South Africa’s future on cyber-security. More comprehensive training will be rolled out by the government for law enforcement, South African Revenue Services (SARS), and other key stakeholders in a much-needed capacity-building exercise. International support from countries like the UK is anticipated to boost these efforts. Meanwhile, industry players are preparing for possible regulatory changes that would impose stricter cyber security standards, similar to those implemented in Kenya and Nigeria.
As cybercrime evolves; so must South Africa’s swift response. Strengthening public-private partnerships, enhancing education and training, and leveraging homegrown cyber security technologies will be essential. It is a battle that requires collective effort and investment sustained over time, but this commitment to the safeguarding of its digital future finds expression in the initiatives that are underway from its government, financial sector, private enterprises, and
cyber security experts. These actors continue to be guardians of the digital age and have to adapt continuously to innovative methods of protecting South Africa’s critical infrastructure against ever-evolving cyber threats.