
According to Knowbe4’s latest report, 91% of professionals in South Africa are confident enough to spot a phishing attempt.
However, the country recorded the highest rate of scam victims (68%) among the surveyed countries.
The purpose of the survey was to assess the cybersecurity habits of professionals who utilize laptops in their daily work in the UK, USA, Germany, France, Netherlands, and South Africa. What transpired was that 86% of employees believe they can confidently identify a phishing email.
68% of respondents from South Africa admitted to the fact that they’ve been scammed before, indicating confidence alone does not equate to immunity from scams.
Phishing is a significant concern in South Africa. Kaspersky reported that phishing attacks aimed at corporate users in South Africa surged by 134% in Q3 2023 compared to the previous quarter, and there was a 16% increase compared to the same period last year.
Most professionals assume they are scam-savvy when in reality, can be swayed with little effort.
“True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset,” said Anna Collard, SVP Content Strategy & Evangelist at Knowbe4
The findings from the report affirm the need for more practical, hands-on training or real-world exposure to professionals across the region.
What scams are confident of detecting?
The confidence level of detecting a phishing attack varies based on the scam type and level of sophistication.

Most respondents are highly confident in spotting email phishing (86%) and vishing attacks (83%) as well as social media phishing (83%) and smishing (82%).
However, confidence dips when it comes to manipulative and AI-aided deceptions such as social engineering (67%) and the rising deepfake scams (65%).
97% of South African employees feel very comfortable reporting security issues
Cybersecurity is a concern to most organizations as it demands a proper strategy and culture put in place to ensure a shared responsibility among employees.
“A strong security culture fosters an environment where users feel safe reporting incidents without fear of punishment or blame,” said James McQuiggan, Security Awareness Advocate at Knowbe4.
A good strategy must ensure employees feel safe when reporting security issues.
The report revealed employees still hesitate to report security issues to security teams. 11% hesitate to report security risks.
However, 56% of employees feel very comfortable raising security concerns.
The regional differences in the reporting of security issues were also captured in the report. South African respondents (97%) expressed the highest level of confidence when blowing the alarm.
The way forward
In an attempt to bridge the gap between perceived and actual preparedness and also improve the level of comfort when reporting security issues, Knowbe4 suggests the following solutions:
- Organisations must create personalized training programs that adapt to employee’s strengths and weaknesses, including real-world cyber-attack simulations.
- Organisations must create a blame-free reporting culture to promote early detection of threats.
- They must utilize intelligent cloud-based technology to enhance human decision-making with AI-driven security solutions.