While research shows that SA is the most attacked country in Africa when it comes to ransomware and infostealer attacks, the country’s business leaders remain ambivalent about human risk management (HRM) to address their greatest vulnerability – people.
ESET’s bi-annual Threat Report 2025 shows that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in SA. The research adds that phishing attacks make up 52% of all cyber threats in the country.
According to ESET, nearly 70% of cyber incidents stem from preventable human mistakes, making an untrained workforce the weakest link in any organisation.
This year alone, one of the country’s largest broadcasters, SABC, fell victim to a business e-mail compromise attack, with hackers infiltrating staff accounts and launching attacks loaded with convincing links and attachments. Phishing e-mails also brought the South African Weather Service to a standstill, crippling aviation and marine operations and taking communications and website systems offline.
Cyber security companies concur that the situation is exacerbated by AI that is driving a new wave of cyber crime, enabling larger and more expensive data breaches that are increasingly difficult to detect and challenging to stop.
Attackers use hyper-realistic, automated social engineering tactics and malware that can learn from its surroundings and change behaviour in real-time to evade security defences.
To further complicate things, the availability of fraud kits and services on the dark web has commoditised cyber attacks, with providers offering bulk discounts, profit-sharing models and even monthly subscriptions, turning fraud into an affordable and sustainable job opportunity for criminals.
Heino Gevers, senior director of technical support at Mimecast, says while South African business leaders are eager to protect staff and customers from digital threats (PwC’s Digital Trust Insights Survey 2025 finds 66% of organisations prioritising mitigating cyber risks and 29% expecting a notable budget increase to do so in 2025), security leaders continue to focus on system repair and not on the people risk factor.
“South Africa is among the top 10 most targeted regions for cyber attacks globally, yet it ranks as one of the lowest in those 10 when it comes to cyber security education and preparedness,” says Gevers.
Advanced HRM
Mimecast suggests protecting humans from themselves has become the most critical aspect of securing an organisation, and this “community defence” relies on advanced HRM.
Gevers explains that “community defence” refers to an approach where threat intelligence and security insights are collectively shared across Mimecast’s global customer base, enhancing protection for all organisations in the network.
This model leverages data from billions of e-mails and real-time analysis of attack patterns, so when a new threat is detected anywhere in the Mimecast community, all customers benefit from immediate, automated protection updates across the platform.
According to Forrester, HRM adoption has shifted from "innovative organisations" and is now fast approaching the early majority. The trend indicates that while mass adoption has not yet been reached, the practice is gaining significant traction, with most organisations expected to adopt HRM platforms and methodologies by late 2026.
However, Gevers is quick to point out that while globally, HRM may have moved from buzzword to best practice, SA is still playing catch-up because of a combination of challenges.
“Many companies still rely on generic, infrequent training that does not address real human risks or behaviour change. Historically, security culture has focused on protecting the technical layers in the business, rather than the human layer, so this requires change. While POPIA stresses employee training obligations, enforcement and audits around human risks are also less mature,” he continues.
HRM offers real-time behavioural monitoring from across the organisation, rapid response and adaptive training to directly confront the social engineering and manipulation tactics GenAI attackers use.
AI can help
Gevers adds that AI bolsters HRM by enabling deeper insight, faster detection and personalised, adaptable and context-aware interventions, turning large volumes of human and behavioural data into actionable intelligence to minimise risk.
“If you expand where, when and how you educate your teams, you have significantly more touch points or teachable moments. Rather than tedious once-a-month sessions, you can provide your staff with real-time nudges that give them guidance on how to respond to threats as they present themselves across any of the digital channels they may find themselves in. That’s when people learn at their best,” Gevers says.
He believes SA can encourage more widespread HRM adoption by greater recognition of the human risk challenge and awareness of HRM as a formal discipline, broader senior leadership and board-level endorsement of HRM (as a cornerstone of business continuity, reputation management and risk mitigation), and embedding HRM more closely within compliance and regulatory frameworks, such as those mandated by POPIA and outlined in corporate governance standards.