There has been another warning for consumers that South Africa faces an unprecedented surge in cybercrime this festive season.
Mongezi Mpahlwa, partner at law firm Cox Yeats, says the firm has observed a dramatic increase in cyberattacks targeting consumers and businesses.
“Attackers are expected to exploit the surge in online shopping and digital transactions, leveraging fake stores, phishing emails, malicious QR codes and AI-powered impersonation.”
South Africa experienced an average of almost 300 notifications per month of formally reported data breaches, he notes.
ALSO READ: SA data breaches surge 40% as regulator warns of cybersecurity shortfalls
Be vigilant and watch out for cybercrime all the time
Cox Yeats has observed a dramatic increase in cyberattacks over the festive season targeting consumers and businesses, with consequences that extend far beyond financial loss, Mpahlwa says.
“We encourage everyone to remain vigilant. Attackers are expected to exploit the surge in online shopping and digital transactions, leveraging fake stores, phishing emails, malicious QR codes and AI-powered impersonation to steal credentials and payment information.
“The firm recommends verifying the legitimacy of all communications, using only official channels for transactions and avoiding transactions on public Wi-Fi. Consumers should rather use a company VPN or mobile data and report any suspicious activity to the appropriate authorities.”
ALSO READ: SA prime target for cybercrime
Extent of cybercrime problem in SA
Mpahlwa says recent data paints a sobering picture. According to the Information Regulator, South Africa experienced 2 374 formally reported data breaches between April 2024 and March 2025, averaging around 200 incidents every month.
He says the situation worsened in the current financial year, with 1 947 breaches reported from April 2025 to date, an average of almost 300 notifications per month. This represents a 40% spike in security compromises across the country, a trend the Information Regulator describes as deeply concerning.
The attacks have not spared any sector, Mpahlwa says, affecting government departments, healthcare providers, financial institutions and businesses of all sizes that fell victim to ransomware, data theft and extortion.
“High-profile incidents include the theft of 1.6 terabytes of sensitive government data, the disruption of critical medical services and the exposure of customer information at major retailers and telecoms providers.”
ALSO READ: Cybersecurity an ‘economic and safety imperative’
Cost of cybercrime is astronomical
The numbers are scary. Mpahlwa says the average cost of a data breach is R49 million. “The economic impact is staggering. South African consumers lost more than R1 billion in 2023 alone due to digital banking and mobile app crimes.
“The average cost of a data breach for a local business now stands at R49 million, a figure that can be devastating for small and medium-sized enterprises. The South African Banking Risk Information Centre (SABRIC) reported annual losses of up to R3.3 billion from cyber-attacks, with digital banking fraud surging by 45% and related financial losses rising by 47% in the past year.
Experts warn that the true cost is likely even higher, as many incidents go unreported or are quietly settled.
The numbers are also concerning for consumers with 70% falling victim to cybercrime. Mpahlwa says consumers are not immune. “Surveys show that 70% of consumers were victims of cybercrime, compared to 50% globally, while 35% of respondents admitted to losing money due to scams and 32% have clicked on phishing emails.
“The emotional toll is equally severe, with 58% of people in South Africa expressing deep concern about falling victim to cybercrime, a dramatic increase from previous years. The rise of artificial intelligence has made it easier for criminals to impersonate trusted brands, colleagues or even family members, amplifying the risk of social engineering and fraud.”
ALSO READ: South Africa remains a global hotspot for data breaches
SA second-most targeted for ransomware
Mpahlwa says ransomware is another monster, with South Africa, the second-most targeted in Africa.
“The threat landscape is evolving rapidly. Ransomware remains the most disruptive danger, with South Africa ranking as the second-most targeted nation in Africa and the third most targeted globally for cyber-attacks.
“Attackers are increasingly using double extortion tactics, threatening to leak sensitive data unless a ransom is paid. Sectors such as retail, technology, healthcare and professional services are all in the crosshairs and small businesses are particularly vulnerable due to limited resources and awareness.
“The commoditisation of stolen data and access credentials on underground platforms such as the dark web has further fuelled the cycle of extortion, disruption and espionage.
“We urge organisations in particular to take immediate action and ensure they are covered for financial loss and liability arising from cyber-attacks, data breaches, ransomware, business interruption and regulatory fines,” Mpahlwa says.
About the Author
