IN a revealing new report, the KnowBe4 African Cybersecurity & Awareness Report 2025 has shed light on the increasingly perilous landscape of cybercrime in South Africa.
With a significant financial toll and an alarming shift in public perception, the findings call for urgent reforms in cybersecurity education and practices.
The survey, which polled 800 employed adults across seven African nations, found that 58% of respondents in South Africa were “very concerned” about falling victim to cybercrime — a drastic increase from 29% in 2023.
“One of our survey’s key findings is that Africans are more concerned about cybercrime than they were towards the end of 2023,” senior vice president of content strategy and evangelist at KnowBe4 Africa, Anna Collard, said. “Fear of online fraud and losing money remains their top concern.”
The report indicated that South African consumers lost more than R1 billion in 2023 due to digital banking and mobile app crimes, exposing the lucrative nature of cybercrime in the region. “Cybercriminals increasingly exploited human psychology for social engineering purposes,” the report warned.
Evidently, the growth of phishing schemes and ransomware attacks has had a profound financial and emotional impact on the populace.
As the sophistication of cyber threats evolves, so too does the methodology of cybercriminals. The report stated: “Email phishing and vishing remain leading attack vectors, while criminals exploit diverse communication channels.”
With the rise of AI-generated content facilitating impersonation, extortion, and data theft, the landscape for South African users is becoming increasingly treacherous.
Among the alarming findings, a significant number of respondents revealed their vulnerability to these threats. A staggering 35% have admitted to losing money due to scams, and 32% have clicked on phishing emails, showcasing a perilous gap between awareness and practical application of cybersecurity knowledge. “This disconnect highlights the critical issue of overconfidence, which can be particularly dangerous in cybersecurity,” the report stated.
Additionally, many South Africans appear to lack a thorough understanding of key cybersecurity concepts, with 53% admitting that they did not know what ransomware was.
This lack of knowledge can lead to individuals placing themselves at further risk, making them more susceptible to various cyber threats. “High levels of concern about cybercrime must translate into action and improved personal security practices,” the report stated, emphasising the need for actionable knowledge distribution.
Amid these challenging realities, the survey did provide some hope. There has been a marked increase in the usage of mobile financial services, with 85% of respondents engaging in digital banking and payments.
Yet, this shift comes with its own set of vulnerabilities. “There’s a clear need for cybersecurity education specifically tailored to mobile financial services, focusing on secure transaction practices and recognising financial fraud attempts,” the findings underscore.
The report also emphasises the expanding use of personal devices for professional communication — a trend that could lead to heightened risks as 93% of respondents now use apps like WhatsApp for work-related tasks.
“This can lead to increased risks, as personal devices may not have the same level of security as corporate-managed devices,” the report cautioned. In this context, the influx of remote work during and post-pandemic has further complicated the cybersecurity landscape, with many employees accessing sensitive company data on less secure home networks.
As South Africa grapples with these pressing cybersecurity challenges, experts have advocated for immediate action. The report found that “practical training beyond theoretical knowledge is essential”, highlighting the need for organisations and policymakers to come together to equip individuals with real-world skills in identifying and avoiding threats.
These educational programmes should not only focus on adults but also on younger generations, who, according to the United Nations, represent a promising opportunity for the continent’s future — provided they are equipped with the right tools and knowledge.
The human element in cybersecurity cannot be understated — many threats rely on exploiting human behaviours rather than technical vulnerabilities. As Collard pointed out: “To achieve stronger levels of cybersecurity in 2025 and beyond, it is crucial to address these gaps and empower our younger generations with the tools and knowledge they need.”
Moreover, the report warned of a looming phenomenon known as cybersecurity fatigue, where individuals become overwhelmed by constant security warnings and guidance, subsequently leading them to ignore important alerts.
“Such a high level of concern also risks leading to cybersecurity fatigue—overwhelmed individuals may decline to heed warnings,” the report warned, suggesting that a more engaging and simplified approach to cybersecurity education could help mitigate this issue.
As South Africa continues to navigate its complex digital landscape, the data from the KnowBe4 Report serves as a critical reminder. Cybersecurity awareness and practices must evolve alongside the growing threats.
The historical emphasis on reactive measures must shift towards preventive measures, creating robust frameworks for continuous learning in both corporate and personal settings.
With cyber threats on the rise and personal financial security at stake, South Africa stands at a crucial juncture. How society responds to these challenges will, in many ways, dictate the future safety and security of its digital landscape.
The call for immediate and sustained action is clear — collaboration, education, and practicality are essential in fortifying South Africa against the ever-evolving threats of cybercrime.