REPORT | The 2023 state of ransomware in South Africa

17th May 2023

1175

We commissioned an independent, vendor-agnostic survey of 3,000 IT/cybersecurity leaders in mid-sized organisations (100-5,000 employees) across 14 countries, including 200 respondents in South Africa.

The survey was conducted between January and March 2023, and respondents were asked to respond based on their experiences in the previous 12 months.

Key findings

According to the State of Ransomware in South Africa 2023 report, 98% of South African respondents whose organisation had purchased cyber insurance in the last year said the quality of their defences had a direct impact on their insurance position.

Key highlights:

78% of South African organisations were hit by ransomware in the last year, a considerable increase from the 51% that reported an attack in our 2022 survey. By comparison, globally, 66% of respondents said their organisation had experienced a ransomware attack in the last twelve months.
Exploited vulnerabilities were the most common root cause of attack for South African organisations, used in 49% of incidents. Compromised credentials were the second most frequent attack vector, used in 24% of attacks.
89% of attacks resulted in data being encrypted. This is higher than the global average of 76%, and a considerable increase from the 45% reported by South African respondents in last year’s survey.
Data was also stolen in 35% of attacks where data was encrypted, higher than the global average of 30%.
100% of South African organisations whose data was encrypted got data back, slightly above the global average of 97%.
Backups remain the most common method used for restoring data, with 76% of South African respondents whose data was encrypted using this approach. This is in line with the 80% that used backups in our 2022 survey.
45% of those that had data encrypted in South Africa paid the ransom, slightly down from both last year’s rate of 49% and the 2023 global average of 47%.
24% of South African organizations that had data encrypted used multiple recovery methods in parallel.
Two respondents from the South African whose organisation paid the ransom shared the exact amount. One of these respondents reported paying $5 million or more.
Excluding any ransom payments, the average (mean) bill incurred by South African organizations to recover from a ransomware attack was reported at $0.75 million, including costs of downtime, people time, device cost, network cost, lost opportunity, et cetera. This is considerably less than the global average cost of $1.82 million.
82% of private sector South African organizations hit by ransomware said the attack caused them to lose business/revenue, slightly lower than the global average of 84%.
53% of South African organisations took up to a week to recover from the attack. 29% took up to a month while 19% took between one and six months.
98% of South African organisations say they have some form of cyber insurance with 47% having a standalone cyber policy and 51% having cyber as part of a wider business policy. By comparison, globally, 91% have cyber coverage with 47% having a standalone policy and 43% a wider business policy that covers cyber.
98% of South African respondents whose organisation had purchased cyber insurance in the last year said the quality of their defenses had a direct impact on their insurance position. 66% said it impacted their ability to get coverage
61% said it impacted the cost of their coverage (the premium)
19% said it impacted the terms of their policy, for example the total amount of coverage or sub-limits

Common root causes of attacks

Ransomware continues to be a major threat facing South African organisations. With the growth of the ransomware-as-a-service business model, we do not anticipate a drop in attacks in the coming year.

The survey reveals the most common root causes of attacks and shines new light on how experiences with ransomware differ based on organisation revenue. The report also reveals the business and operational impact of paying the ransom to recover data rather than using backups.

Retirement calculator for South Africa – Am I saving enough?

VAT calculator South Africa (15%) – Add or remove VAT

AI didn’t kill the job, it killed the junior years

The education landscape is at crossroads

The importance of the Employment Equity Amendment Act 2025

Tax systems in Africa must be revamped to boost economic growth

Stokvel safety and precautions during the seasonal withdrawals

29% of high-income emerging South Africans lack emergency savings

BUDGET 2024 – an overview

The Maintenance Act changes and the US electoral system

BRICS currency and portfolio insights

Sovereign wealth funds, bonus tax and US earnings season

Crypto tax, government bailouts and Google’s legal troubles

Greylisting impacts and understanding FSP licenses

REPORT | The 2023 state of ransomware in South Africa

Key findings

Common root causes of attacks

LEAVE A REPLY Cancel reply

EDITOR PICKS

Retirement calculator for South Africa – Am I saving enough?

VAT calculator South Africa (15%) – Add or remove VAT

AI didn’t kill the job, it killed the junior years

POPULAR POSTS

The R54 billion miscalculation – what it means for homeowners

Apple and value creation

How long do solar panels last in South Africa? Our insights

POPULAR CATEGORY

Learning through others: building resilience in times of uncertainty

Cyber insurance risk management