South Africa’s biggest threats in 2025

A new report found that cyber incidents like data breaches or ransomware attacks are the biggest risks for South Africa in 2025, followed by business interruption and natural catastrophes.

This was revealed in the Allianz Risk Barometer for 2025, which compiles the views of over 3,700 risk management experts from more than 100 countries and territories.

In its report, Allianz found that cyber incidents top the list worldwide as a significant threat to businesses.

“2024 was an extraordinary year in terms of risk management, and the results of our annual Allianz Risk Barometer reflect the uncertainty many companies around the globe are facing right now,” Allianz Commercial Chief Underwriting Officer Vanessa Maxwell said.

“What stands out this year is the interconnectivity of the top risks. Climate change, emerging technology, regulation and geopolitical risks are increasingly intertwined, resulting in a complex network of cause and effect.” 

“Businesses need to adopt a holistic approach to risk management and consistently strive to enhance their resilience and we are expecting that risk mitigation and building resilience in order to address these fast-evolving risks.”

Around 38% of overall responses identified cyber incidents as significant risks. For the fourth year in a row, they now rank as the most important risk globally – and by a higher margin than ever. 

It is the top peril in Europe, North and South America, Africa and Middle East regions and in 20 countries, including Argentina, France, Germany, India, Kenya, and Mauritius. 

More than 60% of respondents identified data breaches as the cyber exposure companies fear most, followed by attacks on critical infrastructure and physical assets with 57%.

“For many companies, cyber risk, exacerbated by the rapid development of artificial intelligence, is the big risk overriding everything else,” Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial, said. 

“It is likely to remain a top risk for organisations going forward, given the growing reliance on technology – the CrowdStrike incident in summer 2024 once again underlined how dependent we all are on secure and dependent IT systems.”

Cyber incidents ranking so highly in South Africa does not come as a surprise, as the country saw its fair share of cyber incidents in 2024.

Several large South African companies experienced data breaches and other cyber attacks last year.

In March 2024, Nampak announced that it had detected unauthorised activity on its IT systems.

According to the company, an unknown third party gained access to its IT systems despite its “robust and embedded security protocols.” 

In the same month, the Companies and Intellectual Property Commission (CIPC) database was hacked, exposing South African business owners’ usernames, passwords, credit card details, and other sensitive information.

A few months later, in July, mining giant Sibanye-Stillwater was hit with a cyber-attack involving all of its global IT systems.

More recently, in November, Standard Bank confirmed that it experienced a data breach that involved the personal and financial information of a limited number of clients in South Africa.

Also in November, Telkom announced it had taken legal action against a third-party company and a franchisee employee for allegedly fraudulently poaching the telecom giant’s customers. 

Telkom said it became aware of the fraud after a whistleblower alerted the company to fraudulent targeted customer poaching.

The implicated franchisee employee is alleged to have leaked Telkom customer data, which he had access to during the course of his job, to the third-party company, thereby enabling unlawful activities.

In the same month, a cyber extortion gang claimed responsibility for a spree of alleged cyberattacks affecting some of South Africa’s critical sectors, including financial institutions, credit bureaus, and government entities.

The group claimed to have used compromised data from credit bureaus to infiltrate the backend systems of several banks by exploiting vulnerabilities in the systems of credit unions TransUnion, Experian, and XDS.

They specified that Absa, FNB, Nedbank, Discovery, and TymeBank were among those affected. 

Other risks

The threat of business interruption ranked second among South Africa’s biggest risks in the Allianz report.

Business interruption is typically a consequence of events like natural disasters, cyber-attacks or outages, insolvencies, or political risks like conflict or civil unrest, which can all affect a business’s ability to operate normally. 

Allianz said several examples from 2024 highlight why companies still see business interruption as a major threat to their business model. 

For example, in 2024, Houthi attacks in the Red Sea led to supply chain disruptions due to the rerouting of container ships.

Other incidents, like the collapse of the Francis Scott Key Bridge in Baltimore, also directly impacted global and local supply chains. 

According to an analysis from Circular Republic, in collaboration with Allianz and others, supply chain disruptions with global effects occur approximately every 1.4 years, and the trend is rising. 

Those disruptions cause major economic damages, ranging up to 5% to 10% of product costs and additional downtime impacts.

“The push for technological advancement and efficiency is affecting the resilience of supply chains,” said Michael Bruch, Global Head of Risk Advisory Services at Allianz Commercial.

“Automation and digitisation have significantly accelerated processes, which sometimes overwhelm individuals due to the rapid pace and complexity of modern technology.” 

“However, when implemented effectively, these technologies can also enhance resilience by providing better data analytics, predictive insights, and more agile response capabilities.” 

He said that this is why building and investing in resilience is becoming critical for every company around the globe.

Third on the list of South Africa’s biggest risks are natural catastrophes, which have become more prevalent with the rise of climate change.

In 2024, Soul Abraham, Chief Executive for Retail at Old Mutual Insure, warned that rising risks associated with climate change are putting insurance companies out of business, damaging South African properties, and threatening the economy. 

He said the sector has already seen several non-life insurers offering personal and commercial insurance being forced to shut down due to rising risks. 

“Further casualties are inevitable if all stakeholders do not contribute to mitigating climate change risks,” he said.

The increasing frequency and severity of smaller catastrophic events have significantly impacted the South African insurance industry.

In 2023, Old Mutual Insure reported ten weather-related claims, with three significant incidents resulting in millions of rands in damages.

These major incidents included February’s Vaal River floods, severe storms in the Western Cape in June and again during the Heritage Day weekend in September, and hailstorms across Gauteng and Mpumalanga in November 2023.

These events have led to several challenges for insurers, including more frequent weather-related claims, higher reinsurance costs, and increased premiums.