As South Africa’s digital economy matures, so too does its exposure to cyberthreats, and the country is now among the top 10 most targeted regions for cyberattacks globally. However, local businesses remain dangerously underprepared, as leaders continue to underestimate their greatest vulnerability: people.

AI is driving a new wave of cybercrime, enabling larger and more expensive data breaches that are increasingly difficult to detect and challenging to stop. Attackers now make use of hyper-realistic, automated social engineering tactics and malware that can learn from its surroundings and change behaviour in real time to evade security defences.

To further complicate things, the availability of fraud kits and services on the Dark Web has commoditised cyberattacks with providers offering bulk discounts, profit-sharing models, and even monthly subscriptions, turning fraud into an affordable and sustainable job opportunity for criminals.

 

A nation under siege

South African business leaders are no slouches when it comes to their eagerness to protect their staff and customers from digital threats. In their Digital Trust Insights Survey 2025, PwC finds local organisations to be more proactive than the global average, with 66% prioritising mitigating cyber risks and 29% expecting a notable budget increase to do so in 2025.

And this is just as well since South Africa is now the most targeted country in Africa, when it comes to infostealer and ransomware attacks, according to the latest ESET bi-annual Threat Report. Data from the report shows that over 40% of ransomware attacks, and just under 35% of infostealer incidents on the continent occurred in South Africa.

“South Africa is among the top 10 most targeted regions for cyberattacks globally, yet it ranks as one of the lowest in those 10 when it comes to cybersecurity education and preparedness,” says Heino Gevers, senior director: technical support at Mimecast. “It’s alarming to see how many security leaders are still stuck in the world of fixing the systems to curb attacks, while not recognising that people are the biggest risk of all.”

Gevers acknowledges that the challenges facing South African businesses are multifaceted, saying a chronic shortage of cybersecurity skills means that even large enterprises often lack dedicated in-house expertise, relying instead on third-party consultants.

Another major hurdle is the lack of integration and transparency.

“Many organisations operate a patchwork of security tools that don’t communicate with each other, making it difficult to detect and respond to threats in real time. They fail to develop that single pane of glass that’s fed by data points, keeping them on the back foot,” he says.

Moreover, while some companies have cyber resilience strategies, these are often not actively maintained or adapted to the rapidly evolving threat landscape. “They’ve got a cyber resilience strategy that’s got all the terms and components in it, but it’s hidden somewhere in the safe, in the basement. It’s not something that’s constantly front and centre being reviewed, revised, and documented,” Gevers observes.

 

People are the problem

As organisations harden the defences of their technical layers, criminals have moved on to softer targets, increasingly attacking humans, relying on their mistakes, fatigue, or simply lapses in vigilance.

According to Verizon’s annual Data Breach Investigations Report 2025, nearly two thirds (60%) of breaches that occurred in 2024, had “a nonmalicious human element,” in other words, breaches resulting from simple human error.

Protecting humans from themselves has become the most critical aspect of securing an organisation and this “community defence” relies on advanced Human Risk Management (HRM).

According to Forrester, HRM adoption has shifted from ‘innovative organisations’ and is now fast approaching the early majority. The trend indicates that while mass adoption has not yet been reached, the practice is gaining significant traction, with most organisations expected to adopt HRM platforms and methodologies by late 2026.

However, Gevers is quick to point out that while globally, HRM may have moved from buzzword to best practice, South Africa is still playing catch-up.

 

Using AI to fight AI

HRM offers real-time behavioural monitoring from across the organisation, rapid response, and adaptive training to directly confront the social engineering and manipulation tactics GenAI attackers use. In a nutshell, Human Risk Management focuses on real-time, personalised interventions that help employees make better security decisions as they work.

“If you expand where, when and how you educate your teams, you have significantly more touchpoints or teachable moments. Rather than tedious once-a-month sessions, you can provide your staff with real-time nudges that give them guidance on how to respond to threats as they present themselves across any of the digital channels they may find themselves in. That’s when people learn at their best,” Gevers says.

Understanding how users are likely to behave is key and Mimecast’s AI-driven platform leverages 22 years of data to adapt security measures in real-time, promoting good behaviour and reducing risks. The platform autonomously adjusts profiles based on specific user behaviours, learning all the time, making it relevant in the moment – and because it connects with more than 300 other security and IT solutions through established API alliances, those protections extend seamlessly across the wider technology environment.

“South African businesses must move beyond technical fixes and embrace a holistic, human-centred approach to cybersecurity. This means investing in ongoing education, integrating tools for better visibility, and fostering a culture where employees are empowered to be the first line of defence,” Gevers says.