As South Africa prepares for Black Friday and the festive season, law firm Cox Yeats is issuing an urgent warning about the escalating threat of cybercrime.
The firm’s business rescue, restructuring, Insolvency, and Insurance team has observed a dramatic increase in cyber-attacks targeting both individuals and businesses, with consequences that extend far beyond financial loss.
“As the festive season approaches, Cox Yeats encourages everyone to remain vigilant. Attackers are expected to exploit the surge in online shopping and digital transactions, leveraging fake stores, phishing emails, malicious QR codes, and AI-powered impersonation to steal credentials and payment information,” says Cox Yeats partner Mongezi Mpahlwa.
“The firm recommends verifying the legitimacy of all communications, using only official channels for transactions, and avoid transactions on public WiFi; or rather use company VPN or mobile data. Any suspicious activity must be reported to the appropriate authorities.”
Recent data paints a sobering picture. According to the Information Regulator, South Africa experienced 2 374 formally reported data breaches between April 2024 and March 2025, averaging around two hundred incidents every month.
The situation has worsened in the current financial year, with 1 947 breaches reported from April 2025 to date – an average of almost three hundred notifications per month. This represents a forty percent spike in security compromises across the country, a trend described as deeply concerning the Information Regulator.
The attacks have not spared any sector: government departments, healthcare providers, financial institutions, and businesses of all sizes have fallen victim to ransomware, data theft, and extortion.
High-profile incidents include the theft of 1.6 Terabytes of sensitive government data, the disruption of critical medical services, and the exposure of customer information at major retailers and telecoms providers.
R48m the average cost of a data breach
The economic impact is staggering. South African consumers lost more than R1-billion in 2023 alone due to digital banking and mobile app crimes. The average cost of a data breach for a local business now stands at R49-million, a figure that can be devastating for small and medium-sized enterprises.
The South African Banking Risk Information Centre (SABRIC) has reported annual losses of up to R3,3-billion from cyber-attacks, with digital banking fraud surging by 45% and related financial losses rising by 47% in the past year.
Experts warn that the true cost is likely even higher, as many incidents go unreported or are quietly settled.
Individuals are not immune. Surveys show that 70% of South Africans have fallen victim to cybercrime, compared to 50% globally. Thirty-five percent of respondents admitted to losing money due to scams, and 32% have clicked on phishing emails.
The emotional toll is equally severe, with 58% of South Africans expressing deep concern about falling victim to cybercrime a dramatic increase from previous years.
The rise of artificial intelligence has made it easier for criminals to impersonate trusted brands, colleagues, or even family members, amplifying the risk of social engineering and fraud.
Ransomware: SA is a target
The threat landscape is evolving rapidly. Ransomware remains the most disruptive danger, with South Africa ranking as the second-most targeted nation in Africa and the third most targeted globally for cyber-attacks.
Attackers are increasingly using double extortion tactics, threatening to leak sensitive data unless a ransom is paid.
Sectors such as retail, technology, healthcare, and professional services are all in the crosshairs, and small businesses are particularly vulnerable due to limited resources and awareness.
The commoditisation of stolen data and access credentials on underground platforms such as the dark web has further fuelled the cycle of extortion, disruption, and espionage.
“As Cox Yeats, we urge organisations in particular to take immediate action and to ensure they are covered for financial loss and liability arising from cyber-attacks, data breaches, ransomware, business interruption, and regulatory fines,” says Mpahlwa.