South Africa’s cybercrime problem is increasingly spilling into every corner of the economy, and risk consultancy Riskonet Africa says the only way to contain it is through strategic cooperation.
The firm is calling for joint cyberattack drills across banks, mobile operators and logistics companies, warning that current fragmented defences cannot cope with the scale of AI-driven fraud, SIM-swap scams and ransomware.
The latest South African Banking Risk Information Centre (SABRIC) report highlights the pressure points. Overall financial-crime losses dipped in 2024, but digital banking fraud jumped sharply, rising to nearly two-thirds of all cases. Reported incidents almost doubled to more than 64,000 and losses surged above R1.4 billion. Unlike in the past, most of these cases involved social engineering rather than direct breaches of bank systems, showing how criminals are exploiting human behaviour and weaknesses in the wider digital ecosystem.
“The idea that banks can simply absorb these losses is dangerously outdated,” says Volker Von Widdern, Risk Principal at Riskonet Africa. “Fraud has become a systemic risk. A SIM-swap at a telco, cascades into banking, insurance and logistics. A ransomware attack on a supplier can stall production, corrupt data and strand customers. Recovery is not guaranteed, and reputational damage is immediate.”
The risks are mounting quickly. INTERPOL has identified South Africa as one of Africa’s top ransomware targets, with recent attacks already disrupting Transnet’s ports and South African Airways systems. TransUnion reports that AI is accelerating the problem, with deepfake use in fraud jumping from 37 percent to 49 percent in a single year. IBM’s global breach study puts the average cost of an incident at almost US$5 million, even higher for financial services, with vendor-related breaches among the most expensive.
The mobile layer is also proving to be a persistent weakness. Although GSMA has rolled out new APIs designed to flag SIM swaps and number changes, uptake across operators and banks remains uneven. Criminals exploit those cracks to hijack accounts, reroute payments and move undetected through supply chains.
Riskonet says boards and regulators need to respond with urgency. That means joint cyberattack rehearsals involving multiple sectors, binding supplier obligations to disclose cyber resilience measures and communicate breaches faster, and stronger customer protections such as default transaction alerts and enhanced verification at high-risk points.
“Supply chains are simply too volatile and too interdependent to tolerate unmanaged cyber risk,” Von Widdern says. “Without coordinated controls the next major cyberattack will not be a contained corporate incident. It will be a systemic South African crisis.”
Interdependencies at surface level may only imply delivery disruptions. However, at an individual company level, when Cyber disrupts a key input or critical process or downstream activity, the impact may quickly exceed tolerance levels and substantially undermine reputations for quality and reliability. Loss of customers and markets follow soon thereafter. Risk assessments have not addressed the primary and consequential exposures to date.
Cooperation he says, means building shared lines of defence across sectors that have traditionally worked in silos. Banks, mobile operators, logistics firms and regulators need to run joint simulation exercises that mimic real ransomware or fraud events.
These drills should test how fast incidents are detected, how communication flows between organisations, and how quickly customers are protected. It also means setting clear rules for information sharing so that an attack on one company is not allowed to cascade silently into the wider economy.
Von Widdern says this approach requires binding commitments in supplier and vendor contracts, where cyber resilience is treated as a non-negotiable condition of doing business.
“That includes independent audits of supplier systems, real-time breach notification requirements, and penalties for non-compliance. For boards, urgent cooperation means elevating cyber risk from the IT department to the executive agenda, with cross-sector task forces empowered to make and enforce collective decisions.
In practice, that could be as simple as agreeing common standards for identity verification or as complex as building shared contingency infrastructure to keep essential services running during an attack.”
