SA ranks ninth globally for data breach costs

by Apr 17, 2023Insights

Identity theft, financial loss and damaged reputations – these are the devastating consequences of data breaches. In a recent report by Proxyrack, South Africa was ranked ninth in terms of the costs associated with data breaches, with the average breach costing local companies around R58 million.

On the one hand, South Africa is experiencing rapid digitisation. Improvements in IT infrastructure and connectivity mean that more business is happening online. On the other hand, there is a general lack of cyber security awareness among organisations. To compound the issue, there is also insufficient investment in cyber security infrastructure and technology. 

The country’s complex regulatory environment and slow response to cyber threats by law enforcement agencies have contributed to the problem, making it easier for cyber criminals to operate and evade punishment. This has made South Africa a fertile breeding ground for data theft. 

Data breaches in South Africa

The South African Information Regulator receives notifications on approximately 56 data breaches a month. All public and private entities that experience security breaches need to notify this regulatory body, which is mandated to protect the privacy of South Africans under the Protection of Personal Information (POPI) Act. The number of cases is constantly increasing and there have been a number of notable data breaches in the country in the past year.

Proxyrack’s report on the cost of these cyber security issues identified the primary industries affected by such cyber attacks – healthcare, finance and pharmaceutical industries are the most affected, followed by technology, energy and services. This trend has been apparent in South Africa with high-profile data breaches affecting key industries. 

In 2022, hackers targeted pharmaceutical retailer, Dis-Chem, in an attack that involved the personal records of over 3.6 million South Africans. The local branch of Experian, a global credit reporting company, also suffered a data breach that affected approximately 24 million South Africans and over 793 000 businesses in 2020. 

In that same year, Life Healthcare – one of South Africa’s largest private hospital groups – suffered a data breach that impacted the personal and medical information of approximately 5.6 million patients. 

Data breach costs around the globe

The United States incurs the highest cost when it comes to data breaches. The average cost in the U.S. is about R36m ($2m) more than in other countries. The Middle East ranks second with an average data breach costing around R125m.

In Europe, the countries paying the most to cover the cost of a data breach are Germany, the United Kingdom, France and Italy. Interestingly, although Brazil experiences a high number of attacks, no countries in South or Central America made it into the top 10. Despite having the highest total number of data breaches, almost 100 million in 2022, Russia also does not rank among the top 10 affected countries. 

Dealing with data breaches

 Prevention is better than cure when it comes to data breaches. Once a leak occurs, it can be difficult, time-consuming and expensive to contain the damage that has been done. After an attack, organisations need to identify and mitigate the cause of the breach. Tech teams must secure the compromised systems and data, notify affected individuals or organisations and deal with the legal and financial fallout. All this comes with a high price tag. 

In contrast, taking proactive steps to prevent data breaches before they occur can help minimise the risk and potential impact. This can include measures such as implementing strong cyber security, providing cyber security training and awareness to employees and regularly conducting vulnerability assessments and penetration testing.

Prevention is typically less expensive and less disruptive than remediation, making it a more cost-effective and efficient approach to data security. Incorporating data security at every level of a company is crucial for its sustained success – neglecting it can have severe consequences. As such, cyber security is a key factor that should not be overlooked by any business.

Cyber security with 4C

4C Cyber Security offers several services to enterprises in South Africa. Local businesses have unique cyber security challenges, often having limited resources and expertise. Organisations are generally vulnerable to advanced cyber threats which can harm their financial well-being, operations and reputation if they do not take appropriate action. 

This is where 4C’s cyber security services play a crucial role. Our foundational services are tailored to safeguard businesses against a range of threats, while also helping to identify and address vulnerabilities, prioritise risks and meet compliance standards. With our services, businesses can be confident that data is secure. 


At 4C Group of Companies, we strive to effect operational changes and cost savings for customers through our iNSight product and associated services. This product’s main function is to re-purpose and deliver business-critical information to a variety of systems and stakeholders. 

We specialise in information assurance, business assurance, fintech solutions and a variety of cyber security services. For more insights into our products and services, check out our blog page or follow us on Facebook, LinkedIn and Twitter.

You may also like…

The Ever-Evolving Threat Landscape

The Ever-Evolving Threat Landscape

Why Your Cybersecurity Needs Regular Attention The digital age has brought incredible advancements in communication, productivity, and access to information....

read more