South Africa’s digital landscape is evolving at breakneck speed, but with this rapid progress comes a daunting surge in cyber threats. As of October 22, 2025, the country is not just among the top 10 most targeted regions globally for cyberattacks—it’s the most targeted nation in Africa for both infostealer and ransomware assaults, according to the latest ESET bi-annual Threat Report. Over 40% of ransomware attacks and just under 35% of infostealer incidents across the continent have struck South African organizations, painting a sobering picture for local businesses.
Yet, despite these alarming statistics, a surprising vulnerability persists: people. While technical defenses grow more sophisticated, attackers have shifted their focus to exploiting human error, fatigue, and lapses in vigilance. According to Verizon’s Data Breach Investigations Report 2025, nearly 60% of data breaches in 2024 involved a non-malicious human element. In other words, most breaches stemmed not from villainous insiders, but from ordinary mistakes—misaddressed emails, weak passwords, or a momentary slip in judgment.
Heino Gevers, Senior Director Technical Support at Mimecast, doesn’t mince words about the challenge. “South Africa is among the top 10 most targeted regions for cyberattacks globally, yet it ranks as one of the lowest in those 10 when it comes to cybersecurity education and preparedness,” he told CIO Africa. “It’s alarming to see how many security leaders are still stuck in the world of fixing the systems to curb attacks, while not recognising that people are the biggest risk of all.”
Indeed, the sophistication of cybercrime is escalating, fueled by artificial intelligence (AI) and the commoditization of attack tools. Criminals now deploy hyper-realistic, automated social engineering tactics and malware that adapts in real time to evade defenses. The Dark Web teems with fraud kits and services, where cyberattacks are sold with bulk discounts, profit-sharing models, or even monthly subscriptions—making cybercrime an affordable and, disturbingly, sustainable career for some.
South African business leaders are not sitting idle. PwC’s Digital Trust Insights Survey 2025 found that 66% of local organizations prioritize mitigating cyber risks, outpacing the global average, and 29% expect a notable budget increase for cybersecurity in 2025. Still, the country faces a chronic shortage of cybersecurity skills, forcing even large enterprises to rely on third-party consultants rather than in-house experts. This skills gap, coupled with a patchwork of disconnected security tools, leaves companies struggling to detect and respond to threats in real time. “Many organisations operate a patchwork of security tools that don’t communicate with each other, making it difficult to detect and respond to threats in real time. They fail to develop that single pane of glass that’s fed by data points, keeping them on the back foot,” Gevers explained.
Complicating matters further, some companies have cyber resilience strategies, but these plans often gather dust. “They’ve got a cyber resilience strategy that’s got all the terms and components in it, but it’s hidden somewhere in the safe, in the basement. It’s not something that is constantly front and centre being reviewed, revised, and documented,” Gevers observed. The upshot? While technical defenses are essential, they’re not enough. As Gevers put it, "South African businesses must move beyond technical fixes and embrace a holistic, human-centred approach to cybersecurity. This means investing in ongoing education, integrating tools for better visibility, and fostering a culture where employees are empowered to be the first line of defence."
This is where Human Risk Management (HRM) comes into play. Globally, HRM is gaining traction and is expected to reach widespread adoption by late 2026, according to Forrester. HRM focuses on real-time behavioral monitoring, rapid response, and adaptive training—essentially, helping employees make smarter security decisions as they work. Mimecast’s AI-driven platform, for example, leverages 22 years of data to adapt security measures in real-time, promoting good behavior and reducing risks. The platform autonomously adjusts user profiles based on behavior, learns continuously, and connects with more than 300 other security and IT solutions through established API alliances.
Gevers believes that the key to success is in the details of daily work routines: “If you expand where, when and how you educate your teams, you have significantly more touchpoints or teachable moments. Rather than tedious once-a-month sessions, you can provide your staff with real-time nudges that give them guidance on how to respond to threats as they present themselves across any of the digital channels they may find themselves in. That’s when people learn at their best.”
But while HRM is moving from buzzword to best practice in many parts of the world, South Africa is still playing catch-up. The need for ongoing education and a culture of vigilance is urgent. Attackers are no longer just targeting systems—they’re targeting humans. As organizations harden their technical defenses, criminals simply move on to the next weakest link: the people behind the screens.
Recognizing this, some South African companies are stepping up their game. On October 22, 2025, local internet service provider Vox announced a new cybersecurity division in partnership with Sophos, one of the world’s leading cybersecurity solution providers, aimed squarely at small and medium enterprises (SMEs). Vox introduced five Sophos products: the Sophos XGS Series firewall (AI-powered threat prevention and zero-day defense), Sophos Intercept X (combining deep learning AI and anti-ransomware), Sophos MDR (24/7 expert-led security as a service), Sophos XDR (providing visibility across all critical attack surfaces), and Sophos Phish Threat (proactive workforce education to prevent costly mistakes).
Audrey Vadival, head of division: Security and Value-added Services at Vox, summed up the approach: “Our partnership with Sophos gives us the ability to create world-class security solutions which leverage next-generation protection capabilities like AI within a local, managed services model that makes high-end protection both accessible and affordable.” Throughout October 2025, Vox is running a promotion bundling its Fibre and Sophos Firewall, aiming to make advanced cyber defense available to businesses of all sizes.
Pieter Nel, sales director SADC at Sophos South Africa, echoed this sentiment: “Our partnership with Vox brings the full strength of Sophos’ MDR, XDR and AI-driven technologies directly into a locally managed service model, making advanced cyber defence accessible to businesses of all sizes. Together, we are ensuring South African organisations can detect and stop ransomware and other cyberattacks before they cause disruption or financial damage.”
The push isn’t limited to businesses. Vox is also offering affordable cybersecurity packages for home users, with Norton Family and Norton 360 Deluxe subscriptions starting at R27.90 and R35.10 per month, respectively, and annual packages that include two free months. This broad approach underscores a growing recognition: whether at the office or at home, everyone is a potential target—and everyone has a role to play in defense.
The cybersecurity battle in South Africa is intensifying, with criminals becoming more cunning and attacks more frequent. But as organizations and service providers rally—embracing AI, integrated solutions, and a focus on human behavior—the tide may yet turn. The question is no longer whether South Africa will be targeted, but how prepared its people and businesses will be when the next attack comes knocking.
