15 May 2023

South Africa held to Ransom: 8th most targeted country in the world for ransomware

Mitigate the Risk of Human Error with Email Security Software by SYNAQ

On 4 April 2023, the CSIR hosted an information session aimed at educating and informing members of the public about global and national cybercrime trends, and technological innovations designed to strengthen individual, public and private sector security postures.

Key Takeaways

  • South Africa ranks 6th in the world for cybercrime density (incidents per capita).
  • South Africa is the 8th most targeted country in the world for ransomware.
  • In the past year, more than half of South African firms were impacted by ransomware.
  • South Africa has the highest incidence of business email compromise on the continent.
  • Cybercrime costs the economy an estimated R2.2 billion per annum.
  • The World Economic Forum places cybercrime among the top 10 risks in both 2 and 5-year forecasts.
  • 87% of South African firms do not have adequate cybersecurity skills to deal with the threat.
  • Over 98% of cyber-incidents are the result of human error.

Continue reading to learn why South Africa is so vulnerable and what you can do to mitigate your risk.


Cybercrime is a pandemic. The World Economic Forum puts it among the top 10 risks facing global stability in the next 2 and 5 years. And, according to Billy Petzer, CSIR’s Research Group Leader in the Information and Cyber Security Centre, South Africa is particularly vulnerable.

In a recent information session, “Cybercrime and South Africa: An Introspective Look”, Petzer shared research findings and reported that South Africa ranks 6th in the globe for cybercrime density and is the 8th most targeted country in the world for ransomware. He also reported that South Africa has the highest incidence of business email compromise on the continent. Against this backdrop, email threat protection is a no-brainer.

The threat is so immense that, globally, cybersecurity skills cannot keep up. Petzer reported a global supply and demand shortfall for cybersecurity professionals of 2.27 million people.

In South Africa, with our lower levels of education, this gap is even more acute. It’s also this lack of skill and digital literacy that makes us more vulnerable and therefore more attractive to cybercriminals. The threat this poses is glaringly evident when considering that over 98% of cyber-incidents are the result of human error.

The CSIR and others are embarking on laudable initiatives to bridge the skills gap, but the sheer scale of the threat demands that good cybersecurity starts at home and at work. Organisations looking to bolster their defences must educate employees about best practises online.

“But this isn’t going to happen overnight. We’re all human, after all. Putting effective cybersecurity solutions in place to mitigate human error is essential to address the threat of cybercrime”, says Stephanie Do Canto e Castro, COO of SYNAQ.

“As email security specialists, we see the prevalence of Business Email Compromise (BEC) threats and ransomware on a daily basis. Given the huge role email continues to play in business communication, we can’t stress the importance of effective email security solutions enough”.

South Africa | A Perfect Storm

Why is South Africa such a popular target for cybercriminals? Petzer sites a set of socioeconomic and geopolitical characteristics that make us unique in the global threat landscape.

By all accounts, we remain the most unequal society in the globe. While we boast one of the biggest economies on the continent, we also contend with high levels of poverty and unemployment, and low levels of education. A reported 59.9% of the adult population did not complete high school, according to the Department of Higher Education and Training.

Despite this, we are the most technologically advanced country on the continent with smartphone penetration at over 90% and internet access at an estimated 82%.

In short, we have access, but from a skills and digital literacy perspective, we are not tech-savvy enough to identity and thwart cybercriminals. The most vulnerable in society are also the most susceptible to scammers who promise financial reward. But the skills deficit extends beyond the individual. According to Petzer, Kaspersky estimates that 87% of organisations in South Africa do not have adequate cybersecurity skills. This is evident in recent high-profile incidents affecting both the public and private sector – Experion, Transnet and Life Healthcare, to name but a few.

The proliferation of ransomware is expected to continue with cybercrime marked as one of the biggest risks facing South African businesses in 2023. Globally, 43% of leaders expect a cyberthreat will materially impact their organisations in the next two years.

How should South African Businesses Respond?

South African businesses are responding. The CSIR reports that businesses plan to increase spend on cybersecurity by 22% in the next 3 years. But given the scale of the threat, it’s doubtful that this is enough. In the past year alone, more than half of South African firms were impacted by ransomware.

Given a constrained economy, there is also the question of where best to spend cybersecurity budgets. In the mid to long-term, addressing the cybersecurity skills deficit by investing in skills development and training is critical, but in the immediate and short-term, policies and platform implementation is essential to bolster security postures.

SYNAQ champions a privacy-first approach that permeates People, Policies and Platforms. “Designing and deploying privacy-first policies will empower your people with the processes and protocols necessary to protect their personal data, and your company’s. Recognising that people are fallible and providing additional layers of platform protection is equally important”, says Stephanie.

“SYNAQ’s email security software does just this, but with the added benefit of concierge support services geared to upskill and empower your people to better protect your business”.

SYNAQ recognises the unique nature of the South African threat landscape, and constantly evolving heuristics engines, algorithms and email security services make for comprehensive, locally relevant line of email threat protection that delivers real value to clients.

In Summary

Cybercrime is a global threat – to individuals, business, civil society, and national security. We have a shared responsibility to bolster our security posture through education and platform adoption if we are to thwart cybercriminals.

Adopting a privacy-first approach to cybersecurity that encompasses people, policies and platforms goes a long way to providing both immediate threat protection and bridging cybersecurity skills gaps for the long run.

With ransomware and business email compromise on the rise, email threat protection is non-negotiable. Partnering with an email security solutions provider like SYNAQ can help you bridge and build cybersecurity competency in your organisation whilst enabling your mailbox to act as the best line of defence against email threats.

Contact us now to find out more.