Cybercrime is no longer restricted to IT communities or telemarketing scams. Communities on the global stage are racing to tighten cybersecurity laws and expand digital protections but is South Africa struggling behind the curb? While facing an onslaught of cyberattacks, digital fraud, data breaches, and legislative gaps, there’s a growing fear amongst South African companies who are feeling exposed.
Increasing Pressures of Cybercrime
Cybersecurity expert, Surfshark, published its recent research on which countries are most impacted by cybercrime and South Africa has made it onto another top ten list – though this one is far from positive.
Phishing scams, ransomware, synthetic identity theft, and more have placed Mzanzi at number six. This makes South Africa the only African nation to feature.
Yet despite the rising threat, many feel that South Africa’s policy response has remained slow-moving. The Cybercrimes Act was signed into law in 2021 as a major milestone for the country but several believe its implementation has struggled due to understaffed police cybercrime units and limited digital forensic capacity. Investigations can take months to reach trial and with the rising prevalence of AI scams and fraud, it’s vitally important that South Africa increases its pace and awareness. Part of this includes enabling the public’s knowledge.
Countries like Australia and India have taken on this situation through national cyber incident portals where anybody can report suspicious cybercrime activity. Alongside this, they have created public awareness campaigns to increase the general knowledge surrounding the topic. Being aware of cybercrime in its various forms will allow those who are most vulnerable to cybercrime to defend themselves better.
When it comes to creating a proactive stance against cybercrime, knowledge is the most powerful tool in your arsenal.
Operation Red Card
Operation Red Card was conducted between November 2024 and February 2025 and featured a collaboration between several African countries with Interpol. The South African authorities directly assisted in a significant crackdown on cyber-enabled crime and through this, highlighted the true scale and complexity of cybercrime networks within South Africa.
Forty individuals were arrested in a sizable and sophisticated SIM box fraud scheme. Law enforcement seized over a thousand SIM cards and fifty-three computer systems that were used to reroute international calls as local ones to defraud telecom providers and facilitate large-scale phishing attacks.
At this scale, it’s easy to see why there are so many victims to cybercrime throughout the country – both businesses and individuals.
Online banking breaches cause dangerous reputational damage and highlight compliance failures while ai generated impersonation attacks can rapidly bypass weak identification verification systems. Phishing scams and data breaches occur at a global level and many struggle to keep ahead of the curve when new technologies are developed constantly.
Data breaches, reputational damage, and compliance failure cost businesses millions of rands annually. In a statement from Interpol, the impact on the economy is enormous as well with estimated figure being over two billion lost in the past year. Taking proactive responsibility has become a requirement for any organisation.
The Next Steps
With cybercrime in South Africa becoming increasingly prevalent, there’s a need for comprehensive training and robust processes to guide organisations in their fight against this shifting ecosystem.
It’s become vital for organisations to:
- Provide internal teams with continuous training in cyber risk and fraud prevention to ensure they’re aware of the current trends on the market in order to proactively identify threats.
- Implement and test cyber incident response plans to ensure readiness in the face of a crisis.
- Create strong AML processes to guard against synthetic ID fraud, deepfakes, and AI manipulated credentials. These are growing harder to distinguish from reality and require a keen eye and strong understanding to catch before they deal damage.
- Engage with local and global partners to share threat intelligence and gain a strong understanding of leading practices regarding these dangers.
FCRMC wants to help move companies from being reactive to proactive in the face of cybercrime. Our expert-led, locally focused training on all aspects of cyber risk provide teams with a solid understanding of the ins and outs of compliance while our dedicated risk management consultants work constantly to help companies catch vulnerabilities in their systems before criminals do.
Speak to us today to see how we can help each other stay ahead of these threats.