17 September 2025

Put an end to cyberattacks on endpoint assets

Cybersecurity is a rising concern for South Africa’s private sector, and with good reason. Infostealer and ransomware attacks are homing in on South Africa, making it the most targeted country on the continent last year. In Africa, 40% of ransomware attacks and almost 35% of infostealer incidents occurred in South Africa.

These attacks have been making headlines more often over the past few years due to their scale, financial cost, and potential consequences. Of the top 10 most significant data breaches in South Africa, three occurred in the past three years.

In 2022, the information of 3,6 million Dis-Chem customers was compromised; two years later, the data of 7.7 million Cell C customers was stolen, including financial information such as banking details; and in 2025, Pam Golding’s client database was breached, which included property transaction histories and confidential business information, leaving clients vulnerable to real estate scams and fraud.

Even more concerning than the frequency of attacks is the significant increase in the median ransom demanded by cybercriminals. Research shows that this figure increased from R2,9 million in 2024 to R17 million in 2025.

Standardising cybersecurity in finance
With a clear upward trend in cybercrime attacks, South African citizens and businesses are increasingly becoming digital targets. In response, the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) published the Joint Standard 2 of 2024, titled “Cybersecurity and cyber resilience”.

According to the paper’s summary, this standard “sets out the requirements for sound practices and processes relating to cybersecurity and cyber resilience for financial institutions.” Effective since 1 June 2025, the framework aims to ensure that South Africa’s financial institutions have robust security measures in place.

Considering that financial institutions, such as banks, underwriting management agencies, asset managers, and insurers, manage digital environments that merge emerging technology with sensitive customer data, there is a clear need for standardised, safe, and robust industry practices regarding cybersecurity.

These frameworks require financial institutions to:

  • Develop and maintain a strategy and framework that outlines how they identify cyber risks and implement controls to mitigate them.
  • Implement essential security practices and fundamental controls to protect against evolving cyber threats.
  • Report transparently on cybersecurity and cyber resilience matters to ensure accountability, and
  • Proactively review cybersecurity strategies and improve cybersecurity measures.

How to meet the compliance deadline
Although this joint standard is a significant step forward for South Africa’s financial sector towards a cybersecure landscape, many companies are uncertain about the best way forward. While compliance is non-negotiable, there isn’t a clear and detailed guideline on how each business’s unique risk profile must be assessed, how a comprehensive cybersecurity framework must address these vulnerabilities, and how employee training must help curb potential threats.

Even though the requirements call for standardisation, each financial institution needs a bespoke cybersecurity solution to ensure compliance. For those corporates who have yet to take the first step towards meeting the mandatory regulation, there is additional time pressure, which increases the implementation complexity.

Initially set for 1 June 2025, the compliance deadline has been extended to December 2026. By this date, businesses must have a credible plan in place that sets out how full compliance will be achieved. If you fall into the category of financial institutions that urgently need to assess the business’s cybersecurity control gaps, have an updated Incident Response Plan, and schedule an executive attestation, contact Dotcom Cybersecurity.

Our team of specialists offers a tailored combination of compliance advisory and audit readiness services that ensures your business meets the regulatory requirements. Reach out to us today and start your journey towards cybersecurity compliance. Visit our website, call (+27) 12 003 6596, or email info@dotcomcybersecurity.co.za.
