JSE-listed companies could lose as much as 30% of their share value following a crisis such as a cyber attack, in an environment where hacks are surging even as response times improve.
Heino Gevers, senior director of technical support at Mimecast, says losses from cyber crises drop to 4% when there is a response within hours, 10% when it's within days, and 14% or more when it takes weeks to address.
Threats per week are growing, with Check Point Research saying that in January, South African organisations faced an average of 2 145 cyber attacks per week, a 36% increase year-on-year. The global average was 2 090.
Victims have included MTN, South African Airways, Cell C, Land Bank, National Treasury, Netstar and the South African Revenue Service, which saw account takeovers via eFiling vulnerabilities.
At the end of the 2024/25 financial year, 2 374 security compromise incidents were reported to the Information Regulator for the year. The regulator's 2025/26 Annual Performance Report estimates that figure will reach close to 2 500 for the current financial year alone.
“It is evident that responsible parties remain vulnerable to lapses in the protection of personal information,” wrote the Information Regulator's chairperson, advocate Pansy Tlakula.
Costly experience
Mark Walker, director at technology consultancy T4i, notes that a breach has cost implications across multiple operational domains – not just IT, but regulatory compliance and production. Downtime and lost business, depending on the industry, can run into millions of rand, he says.
“Reputational risk to the company, especially if it operates in a sensitive sector such as finance or security, will have long-lasting negative commercial consequences.”
Walker notes there are three aspects when it comes to cyber security breaches: time to identify, urgency to report, and time to fully recover. “This places a significant burden on an organisation since it impacts across multiple operational domains besides the IT office.”
HIGH-LEVEL GUIDANCE
To learn more about defending organisations against today’s evolving cyber threats, register for ITWeb Security Summit Cape Town 2026 or ITWeb Security Summit 2026 in Johannesburg, where global and local experts will unpack the latest security trends and solutions.
The Protection of Personal Information Act’s (POPIA’s) reporting requirements place additional administrative burdens on already stretched IT resources, says Walker.
Globally, for the first time in five years, the average cost of a data breach dropped, reaching $4.44 million, according to IBM's Cost of a Data Breach Report 2025. On IBM's list of breach costs per country, companies paid the most per breach at $10.2 million, while South Africa came in 15th, with its monetary impact dropping to $2.37 million from $2.78 million.
Gevers points out that poorly handled incidents drive up costs further. This includes slow or confused notification, which increases the risk of fines, prolonged disruption eroding revenue and customer trust, and ad hoc clean-up exercises often requiring expensive third-party support.
AI is narrowing the gap
IBM’s local data shows South African organisations averaged 227 days to identify and contain breaches – about a month faster than the global average of 258 days – and 65% of breached organisations globally still haven't fully recovered within 100 days. “We refer to this as the 'time to context' gap,” says Gevers.
“Faster identification and containment of breaches, much of it from organisations' own security and security service teams, with help from artificial intelligence (AI) and automation, drove this decline,” says IBM in its Cost of a Data Breach Report 2025.
When an attack hits, security teams often spend days figuring things out after attackers have wreaked their havoc in hours, says Gevers. “Instead of teams spending days trawling through disconnected e-mail archives, Teams logs and Slack channels, AI engines can pull this information together in minutes, giving a single pane of glass that shows the scope and impact of an incident.”
Improved response times are driven in part by the fact that 78% of local organisations now deploy AI-infused security tools, which dramatically cuts the time to context, says Gevers. “For South African organisations, using AI to help narrow the response gap isn't just common sense; it's a reputational and financial imperative.”
Better compliance
Under POPIA, organisations must notify the Information Regulator and affected individuals as soon as reasonably possible after becoming aware of a data breach, outlining what data was compromised, the impact, and steps taken to contain the incident and prevent a recurrence.
Combined with anomaly detection based on years of behavioural and metadata patterns, AI can surface attacks earlier and arm security and leadership teams with the facts they need to brief all stakeholders and customers, not just to meet POPIA requirements, Gevers says.
Jacqui Muller, a researcher at Belgium Campus iTversity, says companies must shift from a compliance-driven mindset to a resilience-driven one. “Organisations must prioritise early detection, rapid response and structured recovery – because speed of reporting is meaningless without speed of detection and containment.”
Yet IBM notes a significant reduction in the number of organisations – from 63% to 49% − that plan to invest in security following a breach. Less than half of those companies plan to focus on AI-driven solutions such as threat detection and response, incident response planning and testing, and data security or protection tools.
Share
