South Africa Faces Surge in Cyber Attacks, Leads Africa in Reported Incidents

South Africa has recorded 110 cybercrime incidents involving ransomware, extortion, and state hacking since 2020, the highest number in Africa. This is according to Orange Cyberdefense’s Security Navigator Africa 2025 report, which highlights the country’s growing exposure to digital threats.

Cybercrime on the Rise Across Africa

Between 2020 and September 2025, Orange Cyberdefense documented 340 cyber incidents across 38 African countries. South Africa accounted for nearly a third of them, followed by Egypt with 46.

The report combines verified media and government reports with data from dark web leak sites, offering one of the most comprehensive pictures yet of Africa’s cyber threat landscape.

Charl van der Walt, head of security research at Orange Cyberdefense, said the study’s goal was to build a more accurate understanding of cybercrime on the continent.

“We wanted to focus narrowly on cybercrime affecting organisations in Africa,” he said. “Our findings show the problem is far bigger and more complex than most people realise.”

Underreported and Underestimated

Of the 340 incidents, 74 came from verified public sources, while 266 were gathered from leak sites used by ransomware groups to publish stolen data. These sources revealed that many attacks are never disclosed publicly, meaning the true scale of cybercrime in Africa is likely much higher.

Van der Walt noted that while South Africa’s open media environment increases visibility, the country’s exposure is also a reflection of its economic size and digital maturity.

Big Economies, Bigger Targets

According to the report, larger and more digitally advanced economies suffer the most cyber attacks. South Africa’s sophisticated financial systems and rapid digital transformation make it an attractive target for global hackers.

Orange Cyberdefense found that the volume of attacks correlates more with economic size than cyber maturity, contradicting the assumption that weaker cybersecurity automatically means higher risk.

Dominic White, managing director of Orange Cyberdefense South Africa, said the data challenges outdated views about Africa’s vulnerability.

“Africa’s story is not one of weakness but adaptation,” he said. “Limited resources have forced many nations to become creative and resilient in how they respond.”

Language and Exposure

The report highlights another overlooked factor: language.
Countries using English, French, or Portuguese experience more attacks than those using languages like Arabic. This is because global threat actors often optimise their tools and scams around major international languages.

South Africa’s Digital Risk Grows

South Africa’s leadership in fintech, online services, and digital infrastructure has come with a price. The country now faces constant pressure from ransomware syndicates, data extortion groups, and state-linked hackers.

The report suggests that cyber resilience, not just compliance, will define the next phase of Africa’s digital evolution. As more citizens and companies go online, protecting data, critical systems, and digital trust becomes a national priority.