In its latest report, IBM has unveiled findings on the financial impact of data breaches in South Africa for the year 2025. The analysis indicates that organizations in the region faced an average cost of R44.2 million between March 2024 and February 2025 due to data breaches. This marked a significant 17% reduction compared to R53.1 million in the same timeframe the previous year. However, the report also highlighted a concerning trend wherein the average number of breached records rose from 22,600 to 23,445, suggesting an increase in the scale of incidents.
IBM’s extensive review included data from over 600 organizations globally, which encompassed local South African entities. The findings revealed that the most substantial financial burden for businesses arose in the area of detection and escalation, costing an average of R17.5 million. This was closely followed by lost business expenses at R13.1 million. Post-breach response costs averaged R12.54 million, while customer and stakeholder notification costs averaged R950,000.
Despite the overall decline in breach costs, IBM emphasized that South African organizations remain significantly exposed to financial risks throughout the breach lifecycle. Sector-specific costs exhibited variability, with the financial industry recording the highest average breach costs at R70.2 million, followed by the hospitality sector at R57.5 million and the services sector at R56.8 million.
Data breaches often initiated due to third-party and supply chain vulnerabilities accounted for 17% of incidents, with average costs reaching R29.6 million. Additionally, compromised credentials, phishing attacks, and denial-of-service incidents were responsible for 13% of breaches, incurring average costs of R48 million, R50.4 million, and R38.8 million, respectively.
A key takeaway from the report was the identification of three pivotal factors contributing to the reduction in data breach costs: the implementation of advanced data security or protection software, the increasing incorporation of artificial intelligence insights, and the transition to DevSecOps methodologies. Ria Pinto, IBM South Africa’s general manager, noted that organizations are leveraging AI in security operations to enhance their threat identification and containment capabilities.
Pinto highlighted that the growing reliance on AI tools is indicative of a shift in cybersecurity strategies; however, with adversaries also employing AI, it remains crucial for organizations to invest in robust AI governance and enhance the skills of security teams. IBM’s findings revealed that companies employing AI and security automation reported substantially lower breach costs, averaging R36.22 million, compared to R53.7 million for those that did not.
The shift to DevSecOps practices was singled out as a major factor in the reduction of breach costs in South Africa. DevSecOps integrates security into all phases of the software development lifecycle, from planning through deployment. This demand for expertise is aligned with reports from industry leaders such as Muggie van Staden, managing director and CEO of Obsidian Systems, emphasizing a rising need for skills in cloud platforms and security in conjunction with DevOps practices.
The anticipated growth of the DevSecOps market in South Africa is attributed to advancements in technology, evolving regulatory landscapes, and an increasing focus on secure digital infrastructure. As businesses continue to adopt cloud computing, mobile applications, and AI-driven solutions, the integration of security into the software development cycle is becoming paramount, fueled further by government initiatives to enhance cybersecurity frameworks.
Ultimately, the report underscores a pressing need for South African businesses to prioritize security as cyber incidents proliferate, particularly given the backdrop of increasing Internet connectivity and cybercrime across the continent. The potential attack vectors identifiable through the MITRE ATT&CK framework can provide insight into the persistent vulnerabilities facing organizations, emphasizing the necessity for organizations to remain vigilant and proactive in their cybersecurity strategies.
