South African businesses are especially vulnerable to cyber attacks due to internal threats such as infrastructure vulnerabilities and the skills shortage, factors that also undermine service delivery across the economy.
Consulting firm BDO’s latest Techtonic States Report shows that 76% of business leaders surveyed worldwide expect increased cyber risk.
In March, global cyber security company ESET's bi-annual Threat Report identified South Africa as the most targeted country in Africa for infostealer and ransomware attacks.
Data collected between June and November 2024 revealed that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in South Africa.
Recent attacks have affected high-profile targets. A wave of cyber incidents targeting Microsoft's SharePoint document management system affected at least 400 organisations worldwide, including South Africa's National Treasury, putting sensitive government data at risk.
The Office of the Tax Ombud has found that fraudsters are exploiting vulnerabilities in the South African Revenue Service’s e-filing system to gain unauthorised access to taxpayer accounts, modify banking details, and redirect tax refunds for fraudulent gain. The estimated value of fraudulent transactions typically involves amounts below R10 000 but can reach up to R100 000.
Infrastructure issues
Khaya Mbanga, chief information and digital officer at BDO South Africa, says South African companies face four critical factors that create a complex threat landscape.
Infrastructure vulnerabilities are among the key challenges. “Although we have had some improvements, load-shedding and infrastructure instability create additional security risks as businesses rely heavily on backup systems and remote work capabilities,” says Mbanga.
RiskInsight research shows that in one-fifth of ransomware attacks, backup systems are deliberately targeted and rendered unusable to force victims to pay ransoms.
Meanwhile, companies allowing work from home rely on home networks, personal devices and largely unrestricted corporate system access, says SentinelOne.
“Remote workers tend to be most vulnerable without the office-based IT infrastructures set up around safeguards against such attacks,” the company states.
A mid-2025 Department of Science, Technology and Innovation paper, produced in conjunction with the Human Sciences Research Council, found that the “rise in cyber attacks in South Africa poses a growing threat to national security, economic stability and the privacy of its citizens… disrupting essential services in health, education and obstructing progress across these critical areas”.
Skills shortage
“The global cyber security skills gap is particularly acute in South Africa, where specialised talent often migrates to international markets,” says Mbanga.
The Pnet Job Market Trends Report for August shows a 77% increase in vacancies for artificial intelligence skills, which are used to detect unusual patterns, identify potential threats in real-time, and automate responses to cyber attacks. The report notes the increase in demand underscores how quickly the market is accelerating.
Regulatory complexity adds another layer of difficulty. Implementation of laws such as the Protection of Personal Information Act, combined with increasing regulatory scrutiny, means businesses must balance compliance requirements with operational efficiency, says Mbanga.
Economic growth
Economic pressure forces difficult choices. "Cost constraints force difficult trade-offs between immediate operational needs and long-term security investments," Mbanga says.
South Africa's economy grew 0.8% in the second quarter, and the International Monetary Fund's latest prediction is for 1.1% growth, which aligns with Investec's expectations, according to Investec chief economist Annabel Bishop.
The 2025 Security Budget Benchmark Report by IANS Research and Artico Search found a causal link between economic cycles and lower security budgets.
Companies worldwide are increasingly aware they could be affected by a cyber breach, says BDO. “The perception of cyber threats has fundamentally shifted from ‘it probably won't happen to us’ to ‘it's only a matter of time’,” says Rocco Galletto, global cyber security leader at BDO.
“No business is too small, and no sector is off-limits. Attackers are motivated by financial gain, using ransomware and data theft to achieve their objectives.”
Share