It’s only going to get worse for this type of crime in South Africa

 ·19 Dec 2024

The rise of cybercrime in South Africa poses an ever-increasing threat to the country’s economy and critical information infrastructure.

In a response to a question posed to her by MK MP Glen Taaibosch about the rise in cybercrime across the nation, Minister in the Presidency Khumbudzo Ntshavheni said that “it is indeed accurate that South Africa, like many countries globally, is seeing an increasing occurrence of cybercrime incidents and cyber-attacks.”

In fact, Cybersecurity Ventures expects cybercrime to cost the world $10.5 trillion annually by 2025, exponentially bigger than the size of the global industry fighting to keep said damages at bay (in 2023, the international cybersecurity market was worth approximately $172 billion).

Insurance company Allianz Commercial recently warned that cyber claims as a result of attacks have continued to rise over the past year.

The company said that the frequency of large cyber claims (~R20 million) in the first six months of 2024 was up 14%, while severity increased by 17% following just a 1% increase in severity during 2023.

It ranks South Africa as 14th globally in the highest average cost of a data breach.

Sophos’ State of Ransomware in South Africa report for 2024 also painted a bleak picture, showing that the mean ransom payment made by firms was $958,110 (R17.9 million) compared to the average recovery cost of $1.04 million (R19.44 million).

Ntshavheni said that these attacks “affect all sectors of our economy, such as telecommunications, financial, transportation, energy, education, health and so on, all of which are considered to be critical sectors in our economy.”

The Minister added that ransomware attacks in both the private and public sectors have been the most prevalent threat over the past year.

Minister in the Presidency Khumbudzo Ntshavheni

Some of the most widely reported incidents in the public sector include the National Health Laboratory Service (NHLS) and the Government Employees Pension Fund (GEPF).

Looking at the NHLS, in June of 2024 its IT systems, including email and patient result systems, were compromised, leading to a temporary shutdown.

The attack was suspected to be ransomware, causing damage and potentially data exfiltration, with incident highlights vulnerabilities within South Africa’s critical healthcare infrastructure.

With regard to the GEPF, for months the self-service functionality on its web platform and app was still offline due to the data breach at the Government Pensions Administration Agency (GPAA).

The GEPF shut down its systems in late February 2024 following a GPAA security breach.

It said no data was compromised during the breach and that payments were unaffected. However, several of its systems remained offline for months.

Another notable cyber attack was in 2023, when a ransomware gang calling itself “Snatch” claimed responsibility for exfiltrating 200 terabytes of data from the South African Department of Defence (DOD).

In addition to leaking DOD data, Snatch also posted the contact information of several senior government officials online — including phone numbers it says belong to President Cyril Ramaphosa.

Going forward

Ntshavheni admitted that threats to the country’s critical information infrastructure “will continue to rise and some of these threats will materialise.”

She said that this is “exacerbated by South Africa’s advanced Communications Infrastructure, the country’s standing in the global community and other geopolitical events.”

When asked what is set to be done to combat this, Ntshavheni said that the “State Security Agency continues to collaborate with entities both in the public and private sectors to monitor, detect and respond to these threats to our critical information infrastructure.”

Despite increased cybersecurity investments, experts say that many data breaches across the country result from inadequate protections within organisations and their supply chains, leading to costly claims, fines, and litigation.

While these are concern, experts say that companies and entities can mitigate this.

Allianz recommends mitigating breach risks through good cyber hygiene, such as strong access controls, backups, and employee training. Many companies also need better oversight of cyber weaknesses in their supply chains.

Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz, noted that early detection and response are crucial, as undetected breaches can escalate significantly in cost. AI is increasingly vital in detecting and isolating breaches, reducing claims costs and duration, and potentially saving millions.


Read: Ramaphosa to sign off massive e-toll bailout – passed in new R5 billion bill

Show comments
Subscribe to our daily newsletter