ACCORDING to Check Point Research’s July 2025 Global Threat Report, South Africa has entered the top four most frequently targeted African countries.
Among African nations, Nigeria suffers the most from cyberattacks. Companies there experienced 6,101 cyberattacks in just one week in July, a 67% increase from the previous year.
Kenyan organizations rank second with 3,468 weekly attacks per organization, followed by Angola with 3,731 attacks per week. However, the number of attacks in Kenya and Angola has decreased year-on-year by 25% and 34% respectively.
According to Check Point Research, organizations in South Africa face 2,113 weekly attacks, which is 14% more than a year earlier.
“In Africa, the three most-targeted sectors were telecommunications, government, and financial services, followed by energy and utilities,” Check Point Research reports.
Lorna Hardy, Regional Director of Check Point Software Technologies in Africa, called the cyberattack figures for African organizations “particularly alarming.”
In recent years, cybercriminals in South Africa are increasingly attacking government infrastructure. According to the 2025 Telecommunications Sector Report by the Communication Risk Center (Comric), government infrastructure faces approximately 3,312 weekly attacks.
Comric estimates that cybercriminal activity costs the country about 2.2 billion rand ($123 million) annually. In the private sector, the average cost of a data breach in 2023 reached nearly 50 million rand.
It is reported that about 78% of businesses in South Africa have faced at least one cybersecurity incident.
The report also highlights phishing as another common type of attack. Phishing scams attempt to trick victims into revealing confidential information. Comric data shows phishing attacks cost South Africa 200 million rand in 2025. Also noted is a sharp increase in synthetic identity fraud cases, which rose by 153%.
The IBM “Cost of a Data Breach 2025” report states that from March 2024 to February 2025, data breaches cost South African companies an average of 44.2 million rand.
Although this is 17% less than 53.1 million rand in the same period last year, IBM noted that the average number of leaked records increased from 22,600 to 23,445.
IBM analyzed real data from over 600 organizations, including companies in South Africa. Average post-breach response costs were 12.54 million rand, and notification costs to clients and stakeholders were around 950,000 rand.
In 2025, the financial sector recorded the highest costs at 70.2 million rand, followed by hospitality (57.5 million rand) and services (56.8 million rand).
IBM identified third-party and supply chain breaches as the most common initial causes of data leaks. These incidents accounted for 17% of cases, with an average cost of 29.6 million rand, while compromised credentials, phishing, and denial-of-service attacks accounted for 13% of all leaks.
Average losses from these attack vectors amounted to 48.0 million, 50.4 million, and 38.8 million rand respectively.
According to IBM, implementing data protection software, broader AI analytics, and adoption of DevSecOps methods help reduce costs associated with data breaches.