With cyber threats rising and the country’s greylisting review approaching, tackling cybercrime has become a pressing issue for South Africa. But does the country have the regulations, industry collaboration, and enforcement needed to keep up with the growing cyber security risks?

400% surge in identity theft – a crisis in the making?

A 2024 report by the South African Fraud Prevention Service (SAFPS) revealed that identity theft in South Africa skyrocketed by 400% between April 2023 and April 2024. This surge has hit key industries, particularly banking, hard. According to SAFPS, 43.47% of the 8,521 fraud cases opened with the Ombudsman for Banking Services in 2023 involved identity fraud. Criminals are exploiting weak security measures, intercepting authentication processes, and stealing funds and personal data with increasing sophistication.

Is identity protection the missing piece in cybersecurity?

Gur Geva, co-founder and CEO of iiDENTIFii, says:

“In our experience, secure identity is the first line of defence against cybercrime. Criminals can only access data and funds if they successfully breach an organisation’s login and authentication processes, which requires a falsified or stolen identity. That’s why we have dedicated our business to providing secure, multi-layered authentication.”

South Africa’s cybersecurity gap – Why aren't regulators keeping up?

The iiDENTIFii Identity Index South Africa Edition highlights growing investment in digital identity solutions, but businesses still face major obstacles.

According to the report’s co-author and CEO of World Wide Worx, Arthur Goldstuck:

“Despite increasing investment in identity verification (IDV) solutions, 31% of companies cite regulatory compliance as a challenge, while 23% say user resistance is a key barrier.”

South Africa’s Protection of Personal Information Act (POPIA) is a critical part of the regulatory landscape, governing how personal and biometric data is processed. When applied correctly, it strengthens security, but businesses and regulators must work together to ensure compliance doesn’t slow down adoption of better fraud prevention measures.

“Public and private institutions need a unified, coordinated approach to tackling cybercrime,” says Geva.

The Cybercrimes Act – strong start or missed opportunity?

In 2020, South Africa passed the Cybercrimes Act, bringing its legislation in line with global standards. The Act requires businesses to report breaches to the South African Police Service (SAPS) and preserve key evidence for investigations.

It defines cyber fraud as:

"Any person who unlawfully and with the intention to defraud makes a misrepresentation—by means of data or a computer program; or through any interference with data or a computer program as contemplated in subsection 5(2)(a), (b) or (e) or interference with a computer data storage medium or a computer system as contemplated in section 6(2)(a), which causes actual or potential prejudice to another person, is guilty of the offence of cyber fraud.”

While the Act provides a legal framework, its success depends on law enforcement’s ability to investigate and prosecute. Without the right tools and training, enforcement will remain weak.

“The Act needs to be regularly updated to keep up with evolving cyber threats,” says Geva. “Ongoing legislative oversight is key to staying ahead of fraud tactics.”

Why industry collaboration is a secret weapon against cybercrime

The Cybercrimes Act promotes national and international collaboration through legal assistance treaties and information-sharing networks. But industry players are still working in silos.

“South African businesses are implementing cybercrime prevention strategies independently, missing out on the opportunity to share intelligence about local threats,” says Geva.

Stronger cooperation is needed between:

• Financial institutions to detect fraud early
• Tech firms to enhance cybersecurity infrastructure
• Regulators to align compliance standards
• Law enforcement to combat international cybercrime networks

“A coordinated approach involving government, business, and tech leaders is the best defence against cybercrime,” says Geva.

What South Africa must do now to fight identity fraud

With greylisting concerns looming, South Africa must take immediate action to:

• Strengthen cyber regulations to keep up with evolving threats
• Improve enforcement by equipping law enforcement with better tools
• Encourage cross-industry collaboration to enhance fraud detection
• Educate businesses and consumers about digital fraud risks

A call for action – Can South Africa build better cyber defences?

A more unified approach to digital identity and cybercrime prevention, backed by industry-wide collaboration and investment in advanced security technologies, could significantly enhance fraud prevention efforts.

Businesses, regulators and enforcement agencies can build a stronger, more resilient system to combat identity fraud and cybercrime, but they cannot work in a vacuum. A collective effort is the only way to keep the criminals at bay.