- Cybercrime incidents spike during the festive season, as criminals exploit increased online shopping and digital payments.
- South Africa now reports almost 300 data breaches per month, with losses totalling billions of rands.
- Legal experts warn that ransomware and AI-driven impersonation pose severe risks to both businesses and consumers.
South Africa is facing an unprecedented surge in cybercrime this festive season, with criminals increasingly targeting consumers and businesses through sophisticated digital scams.
A leading law firm specialising in cyber insurance and financial risk has warned that the spike in online shopping, travel bookings and digital transactions is creating fertile ground for cybercriminals to exploit unsuspecting victims.
Cox Yeats, a prominent South African law firm with expertise in cyber insurance and financial lines, has observed a dramatic rise in cyberattacks in recent months. The firm’s Business Rescue, Restructuring, Insolvency and Insurance team has expressed growing concern over the scale and complexity of these attacks, warning that the consequences extend far beyond immediate financial losses and may include long-term reputational damage, regulatory penalties and business disruption.
“Cox Yeats encourages everyone to remain vigilant,” said Cox Yeats partner Mongezi Mpahlwa. “Attackers are expected to exploit the surge in online shopping and digital transactions by leveraging fake online stores, phishing emails, malicious QR codes and AI-powered impersonation to steal credentials and payment information.”
Mpahlwa stressed that consumers and businesses should verify the legitimacy of all communications, transact only through official channels and avoid conducting sensitive transactions over public Wi-Fi networks. “Where possible, people should use company VPNs or mobile data, and any suspicious activity should be reported to the appropriate authorities,” he said.
Data breaches are rising at an alarming pace
Recent figures released by the Information Regulator paint a troubling picture of the country’s cybercrime landscape. Between April 2024 and March 2025, South Africa recorded 2 374 formally reported data breaches, averaging roughly 200 incidents per month. In the current financial year, however, the situation has deteriorated sharply.
From April 2025 to date, 1 947 data breaches have already been reported, translating to an average of almost 300 notifications every month. This represents a 40 percent increase in reported security compromises, a trend the Information Regulator has described as deeply concerning.
Cyber-attacks have affected every sector of the economy. Government departments, healthcare institutions, financial service providers and private businesses of all sizes have fallen victim to ransomware attacks, data theft and extortion schemes.
High-profile incidents have included the theft of 1.6 terabytes of sensitive government data, disruptions to critical medical services, and the exposure of customer information held by major retailers and telecommunications companies.
Billions lost as cybercrime takes its toll
The financial impact of cybercrime in South Africa has reached staggering levels. In 2023 alone, consumers lost more than R1 billion to digital banking and mobile application crimes. For businesses, the consequences can be even more severe. The average cost of a data breach for a South African company is now estimated at approximately R49 million, a figure that can cripple small and medium-sized enterprises.
The South African Banking Risk Information Centre has reported annual losses of up to R3.3 billion linked to cyber-attacks, with digital banking fraud increasing by 45 percent and related financial losses rising by 47 percent over the past year. Industry experts caution that these figures may understate the true extent of the damage, as many incidents are either not reported or resolved confidentially.
Ordinary consumers are bearing the brunt of the cybercrime surge. Surveys indicate that 70 percent of South African consumers have fallen victim to some form of cybercrime, compared to a global average of 50 percent. More than a third of respondents reported losing money to scams, while nearly a third admitted to clicking on phishing emails.
Beyond financial loss, the psychological impact is significant. Fifty-eight percent of South Africans now report deep concern about becoming victims of cybercrime, reflecting a sharp increase in anxiety around digital safety. The growing use of artificial intelligence by criminals has exacerbated these fears, enabling convincing impersonation of trusted brands, colleagues and even family members, and dramatically increasing the effectiveness of social engineering scams.
Ransomware places South Africa in the global crosshairs
Ransomware remains one of the most disruptive cyber threats facing the country. South Africa is currently ranked as the second-most targeted nation in Africa and the third-most targeted globally for cyber-attacks. Criminal groups are increasingly deploying double extortion tactics, encrypting systems while simultaneously threatening to leak stolen data unless ransoms are paid.
The retail, technology, healthcare and professional services sectors have emerged as primary targets, while small businesses remain particularly vulnerable due to limited cybersecurity resources and awareness. The ready availability of stolen data and access credentials on underground markets has further intensified the cycle of extortion, disruption and digital espionage.
“As Cox Yeats, we urge organisations to take immediate action to protect themselves,” Mpahlwa said. “Businesses must ensure they are adequately covered for financial loss and liability arising from cyber-attacks, data breaches, ransomware incidents, business interruption and regulatory fines.”
He added that firms such as Cox Yeats play a critical role in advising on cyber insurance policy wording, resolving coverage disputes and defending claims, while also guiding organisations through incident response, regulatory compliance and recovery planning in the aftermath of cyber incidents.
Get your news on the go. Click here to follow the Conviction WhatsApp channel.
