The rapid rise of cyber risk in South Africa


South Africa has in recent years seen a stark increase in cybercrime and cyber security breaches. It is thus no surprise that South Africa has rapidly garnered the reputation of a global hot spot for cybercrime, ranking sixth in the world for cybercrime density. Further to this, South Africa has now registered the largest year-on-year increase in cybercrime and has seen an increase in excess of 200% in cyber-attacks since 2019.

For organisations, the potential financial losses resulting from cyber-attacks can be astronomical, and they are only exacerbated by the consequential reputational damage that organisations potentially stand to suffer. For these reasons, it is now imperative that organisations develop an in-depth understanding of the cyber risks they are exposed to so that they may plan accordingly and develop the necessary systems to mitigate the losses associated with cyber-attacks.

What is Cyber Risk?

Broadly speaking, cyber risk is the risk of financial loss, operational disruption and/or damage resulting from the failure of digital technologies or systems that an organisation uses for its operational and/or informational functions. This risk is introduced to network systems through the unauthorised access, use, disclosure, disruption or modification of the system.

Cyber-attacks can take various forms. In essence, however, they share a common feature: they generally involve a malicious and deliberate attack by an individual or organisation to gain unauthorised access to another organisation’s network for purposes of damaging, stealing or disrupting IT assets, computer networks or any other form of sensitive data.

The various forms of Cyber Attacks


Malware is commonly known as malicious code or software inserted into a system to compromise the confidentiality, integrity or availability of data. Malware is introduced into a system covertly to compromise data, applications and the entire operating system. During December 2021, a large South African bank suffered a data breach that compromised the personal information of property owners through unauthorised access to their confidential information. Malware can often be inserted into a system through “phishing” scams. Phishing scams involve deceiving individuals into either clicking on malicious links or revealing sensitive or personal information for purposes of stealing money and/or their identity to commit further crimes.


Ransomware prevents or limits a user’s access to their system by entering computer networks and encrypting files through the use of public-key encryption. Ransomware differs from Malware in that the encryption key stays on a cybercriminal’s server. The cybercriminal then demands some form of ransom payment to reinstate an organisation’s access to system data. In March 2022, TransUnion was the target of a ransomware breach in which the personal and business data of more than 10 million individuals and organisations across South Africa was compromised.

Distributed Denial of Service (“DDoS”) Attacks

DDoS attacks are designed to render an online service unavailable by overwhelming it with excessive traffic from various sources. During a DDoS attack, the response time of a website typically slows down significantly, which has the consequence of preventing access to the website. DDoS attacks are often used as a means to distract organisations while more intrusive cyber-attacks are being attempted by cybercriminals.

Business Email Compromise (“BEC”)

Generally speaking, BEC scams are a form of email cybercrime which is intended to target an organisation for purposes of defrauding it. BEC scams are typically orchestrated through the use of email messages that appear to emanate from known sources making legitimate requests, whereas the source is likely a cybercriminal. Organisations with particularly weak computer network safeguards are usually the target of BEC scams, specifically those with minimal controls over online banking systems.

WhatsApp Scams

WhatsApp Scams have become a prevalent and effective tool to commit identity theft. The cyber-attacks are characterised by the theft and the processing of unsuspecting victims’ cell phone numbers for purposes of impersonating them to their friends and family members to request emergency money transfers. In recent years, WhatsApp scams have gained popularity and in certain circumstances, these scams can have irreversible consequences for victims.

Risk Factors and Common Mistakes

Inadequate training and human error

An organisation’s employees are often a first line of defence against cyber-attacks. Cyber-attacks are often perpetrated by targeting employees who fail to observe the appropriate cyber security protocols in the course of their employment. Employees often expose organisations to various cyber-attacks through password compromises and/or delivering emails to the incorrect recipients. It is thus imperative that organisations conduct comprehensive cybersecurity awareness programmes to train employees in recognising and responding to cyber threats.

A lack of an Incident Response Plan (“IRP”)

IRPs assist organisations in developing a plan and operational framework for responding appropriately to cyber-attacks and data compromises. During cyber-attacks, time is often of the essence, and organisations that fail to develop effective IRPs are often unable to respond appropriately to cyber threats, leading to further losses and damage.

Legacy Systems v Intermittent System and Software updates

Legacy systems are associated with outdated technology which has not been sufficiently updated over time. Organisations hold over legacy systems from early periods in their history in a bid to save costs; however, the cyber security risks that organisations are exposed to over time as a result of their reliance on legacy systems are untenable. Further to this, cyber threats are in constant evolution, and as such, an organisation can develop significant exposure to cyber threats in a relatively short period of time. It is thus essential that organisations regularly update technological hardware and system security networks.

Organisations can no longer afford to ignore the risks posed by cyber threats. A failure to observe and respond to these risks puts any organisation in the firing line of various cybercriminals, some of whom rely on complex cyber scams predicated on rapid technological developments which are invariably re-engineered to target unsuspecting victims. Mitigating the risks associated with cyber-attacks will require organisations to adopt a forward-thinking, dynamic approach designed to integrate effective and rapidly evolving cyber security mechanisms.