The Cyber Threat Landscape in South Africa: A 10-Year Review




Keywords: Cybersecurity, Cyber threats, Cyberattacks, Cyber incidents, Attack surface, Compromised websites, Cybercrime, Data exposure, System intrusion, Denial of service


The world is witnessing a rise in cyber-related incidents. As information technology improves and the reliance on technology increases, the frequency and severity of cyber incidents escalate. The impact is felt globally, and South Africa is not immune to the effects. The country’s fast-paced technological evolution continues to increase the attack surface within the cyber domain. The increased attack surface is confirmed by recent cyberattacks affecting well-known and established South African organisations. This article reviews findings from an evaluation of South Africa’s cyber threat landscape that analysed 74 cyber incidents identified as occurring between 2010 and 2020. The 74 incidents are categorised according to incident type, affected sector, perpetrator type, and motivation. It is found that the most common incident type is data exposure, the most-affected sector is the public sector, the most prevalent perpetrators are hackers, and the most common motivation is criminal. The article makes recommendations about how South Africa can reduce the risk factors in its cyber threat landscape.








How to Cite

Pieterse, H. (2021) “The Cyber Threat Landscape in South Africa: A 10-Year Review”, The African Journal of Information and Communication (AJIC). South Africa, (28). doi: 10.23962/10539/32213.



Research Articles