Ransomware attacks are escalating across South Africa, placing small businesses under increasing pressure and driving rapid growth in the country’s cybersecurity industry.
According to the SA Cyber Security Services Report by BMIT, the country’s cybersecurity services market is expected to reach R16.5 billion by 2029, growing at an annual rate of 20.3%. The surge is driven by rising cybercrime, with South Africa increasingly targeted for ransomware and info-stealer attacks.
The growing threat was underscored in late March, when Statistics South Africa confirmed it had been hit by a ransomware attack.
Cybercriminals reportedly accessed more than 450,000 files from an internal human resources system and demanded a ransom of about R1.7 million. Statistics SA refused to pay the ransom. But the attack exposed vulnerabilities about cybersecurity readiness across sectors.
The financial impact of ransomware is escalating fast. The State of Ransomware in South Africa 2025 released by Sophos, revealed that 71% of organisations paid ransoms in 2025 which is up from 43% the previous year.
At the same time, reliance on backups has dropped sharply from 72% to 35%, signalling declining preparedness among businesses.
According to Pieter Nel, Country Manager for Sophos South Africa, this trend is deeply concerning.
“The fact that more South African organisations are choosing to pay ransoms, while relying less on backups shows that many are not adequately prepared for cyberattacks,” he said.
The report also found that the median ransom demand has surged to R18 million, while the median ransom paid has climbed to R8.3 million for large businesses.
Smaller firms are silent but vulnerable
SMEs often face heightened risk due to limited budgets and insufficient cybersecurity infrastructure. Research shows that one in three South African SMEs has been a victim of a cyberattack, including ransomware, yet many incidents go unreported publicly.
Jacques du Toit, CEO of Vox Telecom, said many SMEs mistakenly believe they are too small to be targeted.
“Attackers don’t care about your size. We’ve seen incidents where criminals knew exactly how much money was in the company’s bank account down to the last rand and still went after them,” du Toit said, speaking about the rising frequency and sophistication of ransomware attacks.
SMEs speak out: ‘We are not prepared’
For many small business owners, ransomware is no longer a distant threat, but an everyday concern.
Sanele Gcumisa, founder and managing member of Ocule IT, spoke about an incident where a phishing email nearly compromised his firm’s banking information. The bank flagged the activity just in time.
“It was a close call…too close for comfort,” he said, reflecting on how the incident revealed weaknesses in his company’s cyber defences.
A Johannesburg-based tech company IT Trust, recounted how a ransomware gang contacted the company after a successful infection.
“They told us we had 72 hours to pay or lose our customer records forever,” a tech assistant, Lethabo Morwake said.
“When we couldn’t open critical documents, we realised it was serious. We refused to pay the R250 000 and ended up having to rebuild systems from scratch.”
Industry experts say these experiences are common across the SME sector, where limited budgets and lack of technical expertise leave businesses vulnerable.
Experts warn that ransomware is no longer just an IT issue but a core business risk. Without proper backups, security systems, or response plans, a single attack can shut operations entirely.
“If we lose our data, we lose the business,” Gcumisa said.
