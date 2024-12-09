Image Source: Google

What is the answer to a wave of cyberattacks that affected South Africa’s biggest institutions in 2024?

Apparently, not a bigger cybersecurity budget. In the last three years, South African organisations—including big corporations and government parastatals—have lost up to $20 million to damning cyberattacks and data breaches.

This year, the country was ranked as one of the most-affected countries in Africa, dealing with more than 1,876 recorded cases in Q3 2024 alone.

Government arms like the Companies and Intellectual Property Commission (CIPC) and the National Health Laboratory Services suffered breaches.

Despite these headline-grabbing cyberattacks, only 29% of South African organisations plan to increase their cybersecurity budget by 2025, according to consulting firm PwC.

The disconnect is striking. Cybercriminals are sharpening their hunting instincts and shooting faster than these organisations can fly. Some of them are forming hacktivist and syndicate groups to attack and share companies’ data among themselves or sell the information for cheap.

Large South African organisations that are getting minimal budget lifts could mean one of two things: they have either implemented top cybersecurity policies and only consolidation remains, which likely explains the minimal spend. Or, they are de-prioritising a channel that was a leaky pipe for them in 2024.

If the latter is the case, then the rhetoric here is whether South Africa’s biggest organisations are irrationally optimistic about the threats.