The Communications Risk Information Centre (COMRiC) has published its first-ever Telecommunications Sector Report 2025, offering a clear look at the growing cybersecurity challenges facing South Africa’s telecommunications industry.
“This report reflects the scale and seriousness of the issues at hand,” COMRiC said. “Infrastructure vandalism, SIM swap fraud, ransomware, insider threats, and synthetic identity fraud are not isolated incidents; they form part of a systemic, multi-billion-rand criminal economy.”
The Cost of Cybercrime
According to COMRiC, telecom-related fraud drains approximately R5.3 billion annually from the South African economy, with nearly 60% of mobile banking fraud linked to SIM swap crimes. Phishing remains the most common attack method, costing over R200 million in 2023, up 50% from the year before.
Ransomware also impacted 78% of companies in 2024. A recent report by Sophos shows attackers are charging more than they used to, with the average ransom demand in South Africa reaching R17.79 million.
On average, South Africa experiences 3,312 cyberattacks every week, mainly targeting government and telecom infrastructure. In 2024, data breaches cost businesses an average of R53.1 million per incident.
SIM Box Fraud: Falling Behind
COMRiC warned that South Africa lags behind other countries, like Ghana and Tanzania, in fighting SIM box fraud. These countries have successfully cut down such fraud using AI tools and stricter regulations.
Meanwhile, over one million pre-RICA’d SIM cards were seized in South Africa during 2024 and 2025, showing the urgent need for tougher enforcement.
“South Africa remains behind global best practice in several key areas,” COMRiC noted. “Our response must be bolder and better coordinated.”
New Threats and Workforce Challenges
In 2025, COMRiC observed more sophisticated threats, including AI-powered impersonation scams and employees misusing their access.
These internal issues now stand alongside external risks like ransomware, disinformation, and cyber-physical attacks.
The report also highlighted workforce challenges, such as burnout, a shortage of skilled professionals, and resistance to using AI. “Resistance to AI integration and lack of skilled personnel present significant vulnerabilities,” COMRiC cautioned.
Industry Making Progress
The good news is that the industry is making progress. Between January and April 2025, just 3% of 3,600 SIM swap requests were fraudulent — proof that better authentication is working.
Network operators have stepped up by deploying advanced firewalls, AI-driven monitoring, biometric SIM registration, and working more closely with law enforcement, banks, and regulators.
“We’ve moved from reactive measures to proactive, data-led prevention,” COMRiC said. “AI-powered fraud detection, biometric authentication, and consumer awareness campaigns are reshaping how we think about risk.”
Call for a National Plan
COMRiC stressed the need for a National Cybersecurity Resilience Plan to bring government, business, and civil society together.
“Failure to act decisively will lead to financial crime, systemic vulnerabilities, loss of public trust, and economic damage,” the report warned.
It also urged government to update the Regulation of Interception of Communications Act (RICA), especially to tackle unregulated OTT services and pre-RICA’d SIM cards.
About Author
