contact
Threat intelligence report | South Africa 2025

the cost of doing nothing is not zero

South African businesses are under sustained, escalating attack. This report presents the real financial, operational, and reputational data that every C-suite leader needs to make an informed decision about cyber defence.

Sources: IBM Cost of a Data Breach 2025 · SABRIC 2024 · Cisco Cybersecurity Readiness Index 2025 · Check Point Research
Average cost per breach in South Africa (2025)
R 1 m
Cyberattacks per organisation, per week in SA
1
SA organisations fully prepared to defend themselves
1 %
Average days to identify and contain a breach in SA
1 d
Financial Exposure

what a breach actually costs your business

A breach is never a single line item. IBM’s 2025 report breaks down where money haemorrhages — before, during, and long after the attack.

Average Breach Cost in Financial Services

R70.2m

The single most exposed sector in South Africa. One incident can erase years of profit, trigger regulatory fines, and destroy client trust permanently.
Highest Sector
Detection & escalation spend per breach

R17.5m

Detection Cost
The largest single cost category in SA breaches. This is the price of finding a breach after it has already occurred — reactive security is expensive security.
Lost business revenue per breach

R13.1m

Lost Business
Customer churn, operational downtime, reputational damage. Most organisations don’t account for this in their risk models — they should.
Cost reduction for AI-enabled security teams

-R19m

AI Advantage
Organisations extensively using AI and automation incurred on average R19M less per breach, and detected threats 88 days faster. This is the measurable ROI of a SecOps partner.
Financial Exposure

how attackers get in and what it costs

Understanding attack vectors is the first step to prioritising defence. These are the most common entry points in South Africa, ranked by frequency and average breach cost.

Stolen Credentials
Frequency

% of breaches

17%

avg. cost (SA)

R56.0m

Phishing
Frequency

% of breaches

13%

avg. cost (SA)

R56.3m

Business Email Compromise
Frequency

% of breaches

10%

avg. cost (SA)

R63.0m

Supply Chain
Frequency

% of breaches

10%

avg. cost (SA)

R59.0m

Multi-cloud Exposure
Frequency

% of breaches

49%

avg. cost (SA)

R59.0m

Denial of Service
Frequency

% of breaches

8%

avg. cost (SA)

R44.0m

* 49% of breaches globally involved data across multiple cloud environments — the most expensive breach type to detect and contain, averaging 263 days.

Vulnerability Map

where your business is most exposed

These are the six primary vulnerability domains facing South African businesses. Each represents a vector that attackers actively exploit.

Identity & Access
Compromised credentials account for 17% of all SA breaches. Weak authentication, shared passwords, and no MFA create open doors for attackers.
  • R56M average cost per credential breach
ID
Endpoint Exposure
Remote work has expanded the attack surface dramatically. Unmanaged endpoints — laptops, mobile devices, IoT — are prime targets for ransomware entry.
  • 1,863 attacks/org/week targeting endpoints
EP
Email & Phishing
AI-generated phishing is now indistinguishable from genuine correspondence. 87% of SA organisations experienced AI-assisted attacks in the past year.
  • 13% of breaches start with phishing
EM
Cloud Misconfiguration
Rapid cloud adoption without security controls creates shadow data and misconfigurations. 49% of SA breaches involve multi-environment data exposure.
  • 263 days average to detect cloud breaches
CL
Supply chain & third parties
Your weakest vendor becomes your weakest link. Third-party compromises are the fastest-growing attack vector in South Africa in 2024–2025.
  • 10% of breaches via supplier access
SC
Email & Phishing
13% of organisations globally experienced breaches of AI models in 2025. Of those, 97% had no AI access controls in place — a rapidly escalating risk.
  • 60% of AI incidents led to data compromise
AI
Sector Analysis

industry impact in South Africa

Industry impact in South Africa
No sector is immune. The costs below reflect average breach costs per industry in South Africa, from IBM’s 2025 report.
Financial Services

key risk factor

Regulatory fines, fraud liability, client trust

avg. breach cost (SA)

R70.2m

Hospitality

key risk factor

Payment systems, PII data, card data exposure

avg. breach cost (SA)

R57.5m

Professional Services

key risk factor

Confidential client data, legal & reputational risk

avg. breach cost (SA)

R56.8m

Health & Medical

key risk factor

POPIA obligations, patient record sensitivity

avg. breach cost (SA)

R51.0m

Retail & e-Commerce

key risk factor

Transaction data, loyalty programme exposure

avg. breach cost (SA)

R46.0m

Government & Public Sector

key risk factor

Infrastructure disruption, citizen data, POPIA

avg. breach cost (SA)

R43.0m

Logistics & supply chain

key risk factor

Operational downtime, partner network exposure

avg. breach cost (SA)

R39.0m

Mining & resources

key risk factor

OT/IT convergence, critical infrastructure targeting

avg. breach cost (SA)

R36.0m

* All sector costs sourced or interpolated from IBM Cost of a Data Breach South Africa 2024/2025. POPIA non-compliance fines are separate and additional.

C-Suite Impact

every leader has skin in the game

A cyberattack doesn’t stop at the IT department. The fallout touches every corner of the executive team — and the board.

CEO | Chief Executive Officer
Organisational survival & reputation

You are ultimately accountable. 70% of breached organisations globally reported significant or very significant business disruption. Recovery took more than 100 days for most. Customers don’t forgive.

  • 63% of breached organisations globally passed costs to customers through price increases
  • R2.2 billion in annual cybercrime losses undermine investor confidence in SA businesses
  • Only 5% of SA organisations are fully cyber-prepared — what does your board know about your posture?
  • POPIA enforcement means personal liability is no longer a distant risk
CFO | Chief Financial Officer
Risk-adjusted cost of inaction

Security spending isn’t a cost centre — it’s the most compelling risk-adjusted investment on your balance sheet. R44.1M average breach vs. a fraction of that in prevention.

  • Detection & escalation alone costs R17.5M per breach — the price of reactive security
  • AI-enabled organisations save R19M per breach on average — a quantifiable ROI
  • Regulatory fines under POPIA for non-compliance are additional to breach costs
  • Cyber insurance premiums are rising sharply — strong security posture reduces them
CTO | Chief Technology Officer
Infrastructure integrity & continuity

Your architecture is under attack 1,863 times a week. Cloud sprawl, multi-environment data, and AI model vulnerabilities create an expanding attack surface that internal teams struggle to monitor 24/7.

  • 49% of breaches involve data across multiple environments — visibility is the first battle
  • AI and automation reduced breach detection time by 88 days on average
  • 13% of organisations experienced AI model breaches; 97% had no access controls
  • Business email compromise costs R63M per incident — the most expensive single vector
CIO | Chief Information Officer
Data governance & operational resilience

You own the data — and the liability. 78% of SA organisations report a critical skills shortage in cybersecurity. Your internal team is outgunned, not outperformed. A SecOps partner levels the field.

  • 78% of SA organisations cite the cybersecurity skills shortage as a major challenge
  • Staffing shortages cost breached companies an extra $1.76M on average (IBM 2024)
  • A SecOps partner provides 24/7 monitoring your team cannot sustain alone
  • POPIA enforcement means personal liability is no longer a distant risk
the case for a SecOps partner

what proactive security actually delivers

The data makes the case. Organisations that partner with a dedicated SecOps provider consistently outperform those that go it alone — in cost, speed, and outcome.

Financial Return
  • R19M average saving per breach event with AI-enabled security
  • 32% lower total breach costs for organisations with extensive security automation
  • Reduced cyber insurance premiums through demonstrable security posture
  • POPIA compliance as a measurable, defensible outcome
Operational Return
  • 88 days faster threat detection and containment vs. no automation
  • 24/7 monitoring — 365 days — without internal staffing overhead
  • Bridges the SA cybersecurity talent gap with expert concierge service
  • Continuous vulnerability scanning catches what point-in-time audits miss
The Numbers
average saved per breach with AI-enabled SecOps (IBM 2025)
R 1 m
faster detection with security automation
1 days
lower breach costs for AI-first security teams
1 %

Your business is already a target. The question is whether you're ready.

Fortress connects South African businesses to premium, proactive SecOps solutions that give your team the intelligence, tooling, and 24/7 coverage to stay ahead of the threat.