The South African Reserve Bank (SARB) has warned that cyber attacks are a systemic danger to the country’s financial stability at a time when the global economic situation is as uncertain as during COVID-19.
According to the central bank, a cyber attack on South Africa’s financial system could result in a ripple effect throughout the economy – essentially an economic heart attack.
South Africa’s gross domestic product grew a mere 0.1% in the first quarter of the year, although this was better than economists had expected. SARB also said low growth is a danger to financial stability.
In the first edition of its Financial Stability Review (FSR) for 2025 – a biannual report – it warned: “The financial sector could fall victim to a situation where a single [cyber] disruption could simultaneously impair multiple institutions, triggering a systemic event.”
Addressing media during a briefing on the report, Nicola Brink, head of the central bank’s financial stability department, said the current global financial environment is as uncertain as during the peak of the pandemic.
Highlighting the negative impact of cyber attacks, SARB said data breaches last year cost the country $2.78 million (R50.06 million at the current exchange rate of R18 to the dollar), which it said was $100 000 down from 2023 – R50 million.
“Despite this small reduction, the average cost remains high,” the FSR noted.
Given the cost of data breaches, SARB notes South Africa is not spending enough on cyber security, as this “remains below the mature market benchmark of 0.25% of GDP” each year.
The constant threat of load-shedding, which SARB diplomatically calls “electricity-supply challenges,” adds to cyber security vulnerabilities by exposing digital infrastructure to cyber attacks, even though the grid has been more stable recently, with minimal disruptions since late March last year.
“In addition, backup power systems often lack robust security protocols,” its report states.
However, SARB notes that a cyber range exercise, held between 11 and 14 March, found the financial sector was resilient to cyber attacks and its cyber security practices were mature “in line with international standards”.
The exercise was run in collaboration with CybExer using the Bank for International Settlements (BIS) cyber range infrastructure. BIS is the bank of all banks’ monetary authorities and provides services like clearing and settlement, financial transactions and managing international reserves.
The drill saw 45 participants from 19 financial institutions tackle sophisticated cyber threats. Organisers split participants into six balanced teams, mixing skillsets based on cyber security proficiency.
Teams were tested across realistic client-side, network and web application attack scenarios, simulating advanced threats like phishing, privilege escalation, supply chain compromise, data exfiltration and lateral movement through segmented networks.
Participants were praised for their high skill levels as they demonstrated sharp situational awareness and tight coordination under pressure, the report said. Importantly, those who took part effectually used sophisticated monitoring tools to detect and counter complex attacks.
The FSR noted that such exercises are invaluable for exposing cyber professionals to real world cyber threats, but in a controlled environment.
In an increasingly complex cyber environment in which there is rapid development of new technologies, ongoing geopolitical uncertainties and a widening skills gap in the cyber security industry, such pen tests also highlight economic vulnerabilities.
“This complexity has broadened the gap between advanced and emerging economies, and has increased the disparities between different sectors in the economy. Increased geopolitical tensions further raise the likelihood of cyber attacks. Cyber attacks on financial institutions have become so common that protecting against them is now routine,” the FSR stated.
The increased geopolitical tensions, such as the ongoing trade war instigated by US president Donald Trump on 2 April, firefighting between Russia and Ukraine, and – separately – the war between Isreal and Iran, are also issues the central bank cited as risks.
Despite these concerns, SARB governor Lesetja Kganyago said the “financial system has a high degree of resilience”.
Share