The banking and insurance sectors in South Africa have shown impressive growth in recent years. However, cybercrime is rising at an overwhelming rate. In 2021, South African banks recorded net profit increases of between 95% and 224%, and total banking assets in the country grew by 16.36% to hit $388.2 billion at the end of March 2020.

But a survey by EasyDMARC, an Armenian-founded cyber defence firm, shows that nearly half of South Africa’s insurance companies cannot cope with rising cases of email phishing, while banks are struggling to combat spoofing attacks.

“Out of 35 South African insurance companies, only 18 have a DMARC policy deployed for email authentication. This means only 51.42% of insurance companies are prepared against phishing, spoofing, and spamming attacks attempted in their name,” the report said. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a technical cybersecurity standard designed to protect email senders and recipients from cyberattacks. The report also shows that only 18 of the 38 banks using DMARC have set email defence mechanisms that ward off 100% of phishing attempts.

A growing cybercrime trend

EasyDMARC’s findings are not the first to reveal a cybercrime vulnerability in South Africa’s financial sector. There has been a growing trend of bad actors exploiting top lenders in South Africa. 

In 2018, Insurer Liberty Holdings had a cyber breach, which in turn caused its shares to decline.

Last March, the South African branch of the TransUnion credit organisation lost four terabytes of customer data, exposing 54 million clients, including president Cyril Ramaphosa, to the risk of identity theft. The hackers made a ransomware demand of $15 million.

According to a 2021 Interpol report, South Africa leads Africa in cyber threats and ranks third globally, with 230 million threats detected last year. Most of these threats (219 million) came through emails.

“The country has seen a 100% increase in mobile banking application fraud and is estimated to suffer 577 malware attacks an hour,” Interpol stated.

GIB Group, a firm which offers personal cyber insurance in South Africa, found that banking app losses increased by more than 88% in 2020. As a result, hackers stole an average of $820 per banking app transaction.

It’s not just the banks that are exposed—retailers too. A recent report by Sophos, a British cybersecurity firm, shows that the average ransom payment rose by 53 per cent to $226,044 in 2021, from $147,811 in 2020. It also shows that only 28 per cent of retail organisations targeted could stop their data from being encrypted by hackers.

A successful cyber-attack on Transnet, the transport parastatal, halted container terminal operations in 2021, disrupting imports and exports. This incident had far-reaching strategic and economic consequences.

Accenture estimates that South Africa is losing $127 million a year to cybercrime and has the highest number of targeted ransomware attempts in Africa.

Africa’s cybercrime problem

Cybercrime is a continent-wide problem, although more prominent in South Africa. According to Interpol’s Africa Cyberthreat Assessment Report, over 90% of businesses on the continent are functioning without the necessary cyber security protocols. 

While awareness about cybersecurity is growing on the continent, it’s far from enough. In 2021, cybercrime reduced GDPs across Africa by 10%, costing it $4 billion.

Some countries like Togo and Ethiopia are taking active steps to secure cyberspace. But there’s still more to do, especially concerning awareness and policy.