When the year finally ends, I think we should gather African tech companies in a room and ask how many of them survived without suffering a single cybersecurity attack.
It’s becoming that bad. But before you pull a strand out of your hair, please relax; no one got attacked this time. Yet, South Africa’s Information Regulator said there were 2,374 security breaches in the 2024/25 financial year; that’s about 198 breach notifications popping up in situation rooms every month.
And somehow, it got even worse this year. About 1,947 of those breaches happened from April 2025 to date. It’s like more talented attackers have been inspired to put on a V for Vendetta mask and become self-described “hacktivists.” That, or these people are just angry.
Across Africa, several companies have suffered direct and third-party breaches this year, including Kenya’s M-Tiba, which was hit recently, and others like Safaricom, Eskom, and various government agencies across the continent.
In South Africa, telecom companies Cell C and MTN suffered ransomware and data breach attacks. Another report said the country’s State Security Agency (SSA), its intelligence service (don’t laugh), was possibly attacked by RedNovember, an alleged Chinese state-sponsored group, in September.
The trend is increasingly worrisome, and company executives across industries have been calling for stronger security measures. Yet in an erratic market like Africa, where other concerns such as compliance, product, and marketing often dominate budgets, should tech companies really be paying significantly more for security than for everything else?
