Experts urge the South African government to prioritise the enforcement of SIM card registration laws as a critical step in combating rising cyber crime, following a renewed commitment to address systemic flaws and enhance national security.
Image: IOL / RON AI
MILLIONS of South Africans are believed to be affected following a surge in cybersecurity breaches targeting key state and private institutions, compromising their confidential medical and financial data..
Despite the rising risk, institutions continue to underspend on cybersecurity, even though data breaches reached $2.78 million in 2024.
Between April 2025 and March 2026, the Information Regulator received 3 219 data breach notifications. Of these, 1 858 were linked to the financial services sector.
The regulator says the leaks are largely driven by human error and internal system failures rather than external cyberattacks. It says 2 677 notifications were classified as “non-cyber compromises”, including human errors and organisational practices, while cyber compromises accounted for 250 incidents involving malicious intent and 12 non-malicious cases.
Spokesperson Nomzamo Zondi says not every security compromise results in a formal investigation.
“Notifications are evaluated using a risk-rating matrix that considers the severity of the incident, the nature of the personal information involved, the number of affected data subjects, potential harm, and any indications of noncompliance. Incidents assessed as high risk or indicative of systemic issues are prioritised for investigation. Low-risk notifications, which account for 2,595 of the 3,219 notifications received, do not require investigation unless trends emerge that suggest a possible systemic problem.”
However, cyber experts say the issue is systemic, and that both cyberattacks and human error are driving the exposure of sensitive systems.
Chris Norton from cybersecurity company Kaspersky says attacks on major institutions are not isolated events.
“They reflect a broader shift towards credential theft, weakly protected cloud access, phishing, and the reuse of compromised data at scale.”
He says stolen login details are increasingly central to cybercrime, noting that “more than one million online banking accounts were compromised globally in 2025 by infostealers,” creating what he describes as “a more persistent, quieter threat environment.”
And despite growing awareness, Norton says most organisations are slow to respond to potential threats, relying on fragmented tools, manual processes, and reactive controls that can lead to alert fatigue and gaps in policy enforcement.
“In South Africa, only 46% of professionals surveyed by Kaspersky reported receiving training on digital threats, even though half encountered scams disguised as internal or supplier messages in the past year,” he says.
Nortons says that ransomware, phishing, and AI-driven scams are changing the kind of threats received , while deepfakes and AI-enabled impersonation are making it harder to detect malicious communications.
“Phishing remains highly effective because it is cheap, scalable, and increasingly convincing, while AI raises the baseline sophistication of impersonation, fraud, and malicious content,” he says.
Experts say attackers are increasingly targeting organisations that store large volumes of sensitive personal and national data.
Statistics South Africa, the South African Weather Service, the Department of Justice and Constitutional Development, Department of Home Affairs, the Companies and Intellectual Property Commission, Standard Bank, and Liberty Holdings are among the affected institutions.
In one recent case, when the National Credit Regulator’s system was compromised, people who had completed their debt review process were unable to log in and clear their names.
Richard Ford, a cybersecurity expert at Integrity360, says organisations hit by ransomware must prioritise containment and governance in the early stages of an attack.
“The immediate priority must be shifting from a ‘preventative-first’ mindset to continuous exposure management,” he explains. “Effective containment relies on 24/7 vigilance through a Security Operations Centre to identify and isolate abnormal activity in real time.”
Ford cautions against relying on ransom payments when systems are compromised.
“When data is exfiltrated, paying a ransom is an exercise in misplaced trust, as there is no guarantee a criminal will delete sensitive files,” he says.
He notes that data breaches at public institutions reveal a concerning gap between the importance of public sector data and the maturity of cybersecurity controls protecting it.
Ford says organisations should adopt a security-first approach, including Zero Trust Architecture, managed detection and response, and stronger data governance.
While cybersecurity failures carry a hefty price tag running into millions of dollars, the South African Reserve Bank says the systems meant to prevent these losses remain under pressure.
It says electricity instability continues to disrupt digital infrastructure, with outages and power fluctuations exposing networks to failure. It notes that even backup power systems which are often used during load-shedding, don't always have the correct security features to guard against cyber threats, creating more system vulnerability.
Given the scale of cyberattacks, INTERPOL has joined forces with multiple countries including South Africa to disrupt online threats, dismantle criminal networks, and protect users from digital harm,like ransomware, phishing, scams, and business email compromise schemes.
During Operation Synergia III (18 July 2025 – 31 January 2026), they took down more than 45,000 malicious IP addresses and servers. The operation involved law enforcement from 72 countries and led to 94 arrests, with 110 individuals still under investigation.
INTERPOL’s Director of Cybercrime said: “Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve. INTERPOL remains at the forefront of this fight, uniting law enforcement agencies and private sector experts to dismantle criminal networks, disrupt emerging threats and protect victims around the world.”
Meanwhile the breach at StatsSA has drawn a strong response from the Public Servants Association (PSA). The union says the incident should serve as a wake-up call to act as a matter of urgency.
“The PSA views this breach as a serious warning about the vulnerability of government systems, particularly those hosting sensitive personal information of citizens and job seekers. The growing incidence of targeted attacks against public-sector digital infrastructure demonstrates the urgent need for a comprehensive cybersecurity overhaul across all government departments,” the organisation said.
It added that ordinary South Africans now face heightened risks. “Citizens are placed at risk of identity theft, fraud, and misuse of personal information.”