Law firm warns of rising cybercrime threats amid festive season celebrations

As the holiday season unfolds, a South African law firm has issued a warning regarding the accelerating threats of cybercrime that consumers and businesses are likely to face. With the festive season typically boosting online shopping and digital transactions, Cox Yeats’s Business Rescue, Restructuring, Insolvency, and Insurance team has identified an alarming increase in cyber attacks that carry ramifications beyond mere financial loss.

“Cox Yeats encourages everyone to remain vigilant. Attackers are expected to exploit the surge in online shopping and digital transactions, leveraging fake stores, phishing emails, malicious QR codes, and AI-powered impersonation to steal credentials and payment information,” said Mongezi Mpahlwa, a partner at Cox Yeats. To combat these threats, he advises verifying the legitimacy of all communications, using only official channels for transactions, and avoiding public Wi-Fi for sensitive activities. Instead, consumers should opt for secure company VPNs or mobile data for safer connections. “Any suspicious activity must be reported to the appropriate authorities,” he adds.

The scale of cybercrime is staggering. Recent data from the Information Regulator reveals that South Africa witnessed 2,374 formally reported data breaches between April 2024 and March 2025, averaging around 200 incidents every month. This trend has escalated in the current financial year, with 1,947 breaches logged from April 2025 to date — an unsettling average of nearly 300 notifications per month, a 40% increase from the previous period. Such statistics paint a bleak landscape for security in South Africa, with government departments, healthcare providers, financial institutions, and businesses of all sizes succumbing to ransomware, data theft, and extortion.

Highlighting the economic repercussions, South African consumers lost over R1 billion in 2023 due to digital banking and mobile app crimes. The average cost for a data breach among local businesses is estimated at R49 million, a figure that could cripple small and medium-sized enterprises. The South African Banking Risk Information Centre (SABRIC) has reported annual losses from cyber attacks up to R3.3 billion, with digital fraud increasing by 45% and related financial losses surging by 47% over the past year. Experts caution that many breaches go unreported or are settled quietly, indicating that actual losses could be even higher.

The psychological toll on consumers is equally dire — surveys show that 70% of consumers in South Africa have fallen victim to cybercrime, significantly higher than the global average of 50%. This translates to 35% of respondents admitting they have lost money due to scams and 32% having clicked on phishing emails. According to research, the heightened alarm surrounding cyber threats has left 58% of South Africans deeply concerned about becoming victims of cybercrime — a stark increase compared to past years. This worrisome trend is exacerbated by the rise of artificial intelligence, which criminals are now employing to impersonate trusted brands or individuals, escalating the risk of social engineering and fraud.

South Africa ranks as the second-most targeted country on the continent and third globally for cyber attacks, with ransomware standing out as the most disruptive threat. Attackers increasingly employ double extortion tactics, risking leaking sensitive data unless a ransom is paid. Sectors including retail, technology, healthcare, and professional services are particularly at risk, with small enterprises exposed due to constraints in resources and awareness. The booming underground market for stolen data and access credentials is intensifying the cycle of extortion and espionage.

As the festive shopping season develops, Cox Yeats urges organisations to take immediate action to ensure coverage for financial losses and liabilities arising from cyber attacks, data breaches, ransomware, business interruption, and regulatory fines. 

IOS