![[South Africa] Cybercrime found to be leading risk to businesses](http://gpa.net/cdn/shop/articles/bigstock-Concept-Of-Cyber-Security-Inf-415720189_1200x.jpg?v=1760721648)
New research has found that South African businesses are operating in one of the most dangerous digital landscapes in the world. Cybercrime is no longer an emerging risk; it is now the number one threat facing companies in South Africa, across Africa, and globally. In South Africa, business email compromise (BEC) and payroll fraud are of particular concern, FAnews reports.
The 2025 Allianz Risk Barometer ranks cyber incidents, including ransomware, data breaches, and IT disruptions, as the leading risk in industries from financial services to technology and telecommunications.
The World Economic Forum’s 2025 Global Risks Report and the Institute of Risk Management South Africa’s 2025 Risk Report have reportedly echoed these findings, placing cybercrime as one of their top risks.
Despite this, for too many businesses, the scale of the threat is only noticed when it is too late.
Global media often centres ransomware in headlines. However, South African companies are being most significantly impacted by BEC and payroll fraud. Such schemes exploit weak internal controls and human error, with attackers intercepting payment instructions or manipulating payroll systems.
In payroll fraud cases, salaries are diverted into fraudulent accounts through altered banking details or the creation of 'ghost employees.' Because payroll systems are typically trusted and processed at scale, a single compromise can cost millions.
According to Mongezi Mpahlwa - Partner, Business Rescue, Insolvency and Insurance at Cox Yeats - the firm recently acted for a company that had uncovered a sophisticated ghost employee scheme. Through quick legal action, including an anti-dissipation order, Cox Yeats was reportedly able to preserve assets belonging to the mastermind of the fraudulent scheme and former employee, enabling it to secure the recovery of the misappropriated funds for the client.
Mr Mpahlwa says BEC has become so common that South African courts are now repeatedly asked to decide who bears the loss when payments are made to fraudsters. He highlighted a recent landmark judgment by the Supreme Court of Appeal in Intengo Imoto t/a Northcliff Nissan v Zoutpansberg Motor Wholesalers t/a Hyundai Louis Trichardt, which made it clear that businesses have a legal duty of care to verify electronic communications and banking details when making payment by way of electronic funds transfer.
Mr Mpahlwa cautions that failure to do so may leave them held liable for any loss flowing from payments being made into fraudulent accounts.
Source: FAnews
(Links via original reporting)
New research has found that South African businesses are operating in one of the most dangerous digital landscapes in the world. Cybercrime is no longer an emerging risk; it is now the number one threat facing companies in South Africa, across Africa, and globally. In South Africa, business email compromise (BEC) and payroll fraud are of particular concern, FAnews reports.
The 2025 Allianz Risk Barometer ranks cyber incidents, including ransomware, data breaches, and IT disruptions, as the leading risk in industries from financial services to technology and telecommunications.
The World Economic Forum’s 2025 Global Risks Report and the Institute of Risk Management South Africa’s 2025 Risk Report have reportedly echoed these findings, placing cybercrime as one of their top risks.
Despite this, for too many businesses, the scale of the threat is only noticed when it is too late.
Global media often centres ransomware in headlines. However, South African companies are being most significantly impacted by BEC and payroll fraud. Such schemes exploit weak internal controls and human error, with attackers intercepting payment instructions or manipulating payroll systems.
In payroll fraud cases, salaries are diverted into fraudulent accounts through altered banking details or the creation of 'ghost employees.' Because payroll systems are typically trusted and processed at scale, a single compromise can cost millions.
According to Mongezi Mpahlwa - Partner, Business Rescue, Insolvency and Insurance at Cox Yeats - the firm recently acted for a company that had uncovered a sophisticated ghost employee scheme. Through quick legal action, including an anti-dissipation order, Cox Yeats was reportedly able to preserve assets belonging to the mastermind of the fraudulent scheme and former employee, enabling it to secure the recovery of the misappropriated funds for the client.
Mr Mpahlwa says BEC has become so common that South African courts are now repeatedly asked to decide who bears the loss when payments are made to fraudsters. He highlighted a recent landmark judgment by the Supreme Court of Appeal in Intengo Imoto t/a Northcliff Nissan v Zoutpansberg Motor Wholesalers t/a Hyundai Louis Trichardt, which made it clear that businesses have a legal duty of care to verify electronic communications and banking details when making payment by way of electronic funds transfer.
Mr Mpahlwa cautions that failure to do so may leave them held liable for any loss flowing from payments being made into fraudulent accounts.
Source: FAnews
(Links via original reporting)