Business email compromise most prevalent cyber threat in Africa

by Jul 17, 2023Insights

According to Interpol’s most recent African Cyberthreat Assessment Report, business email compromise is among the most prominent cyber security threats on the continent. Cyber criminals can reap substantial financial rewards from these low-cost, low-risk attacks. At the same time, phishing attacks are also growing in prevalence and sophistication.

South African businesses currently face over 100 cyber security attacks every month, of which business email compromise constitutes a large percentage, costing the country around R2.2 billion every year. 

The same report highlights the need for companies to ensure that their cyber security is always up-to-date and that their employees undergo proper user awareness training. 4C Cyber Security offers risk assessments, vulnerability management, compliance management and user awareness training services to companies in South Africa.

2D illustration of man sitting at computer with a criminal holding a fishing rod in front of his face.

Why email compromise is common in Africa

According to the Interpol report, business email compromise and similar online scams are prevalent in Africa because there is a general lack of cyber security skills and knowledge which allows cyber criminals to take advantage of the reduced levels of digital literacy.

However, a lack of knowledge is not the only contributing factor; a false sense of security or overconfidence in cyber security tools can also lead to successful data breaches and cyber attacks. Additionally, some IT managers and business leaders overestimate their knowledge and rely too heavily on security software.

This is where user awareness training becomes vital. All employees, regardless of their job titles, should attend user awareness training sessions on a regular basis to ensure that they stay up-to-date with the latest tools and technologies in the cyber security field. 

In addition, security tools need to be assessed and updated often. Cyber attacks are always evolving and becoming more sophisticated. Some businesses may also overlook mobile technology as a method used by criminals to access data and intercept confidential information.

Other findings in the Interpol report

The report also revealed that ransomware attacks are on the rise in Africa with cyber criminals targeting governments, retail enterprises and public institutions. However, citizens are also at risk as these entities often require personal information to be entered into online platforms, including ID numbers and banking details.

Ransomware can be used to intercept this data, which not only compromises the security of individuals but damages the reputation of the organisation too. Businesses and public organisations need to take all the necessary steps to ensure that they protect the information of their customers and citizens in accordance with the Protection of Personal Information Act (POPIA).

Interpol also states that crimeware-as-a-service (CaaS) is becoming more popular, both worldwide and in Africa, as it’s an easy-to-use and affordable tool for criminals. Furthermore, the ever-evolving nature of these cyber attacks makes it difficult for law enforcement agencies to investigate these types of crimes. 

Most cyber attacks in South Africa go unpunished as it can be difficult to trace the origin of threats and identify those individuals responsible. To compound matters, many countries in Africa still lack adequate cyber security legislations and standards by which companies are held accountable for protecting their customers’ data.

As a result, Africa is becoming a hotbed for cyber attacks and data breaches. Business email compromise has been identified as one of the leading cyber threats by Interpol, increasing the need for companies to stay cognisant of the ever-changing cyber security landscape and best practices. 

Working with an experienced cyber security service provider and partner can help to minimise the chances of successful attacks. If you’d like to find out more about our cyber security offerings, please contact us today.


At 4C Group of Companies, we strive to effect operational changes and cost savings for customers through our iNSight product and associated services. This product’s main function is to re-purpose and deliver business-critical information to a variety of systems and stakeholders. 

We specialise in information management, business assurance, fintech solutions and a variety of cyber security services. For more insights into our products and services, check out our blog page or follow us on Facebook, LinkedIn and Twitter.

You may also like…