October marks Cybersecurity Awareness Month – a crucial period for South Africa’s fast-growing digital sectors, including iGaming, finance, and e-commerce. It’s a chance to recognise that the threat landscape is changing at an incredible pace. Cyberattacks aren’t just for elite hackers anymore. Modern tools, especially artificial intelligence, have made it easier for even less experienced individuals to launch sophisticated campaigns. In South Africa, we’re seeing this clearly: national data and industry reports show record-high attacks and a sharp increase in credential-theft malware targeting high-transaction platforms. ESET’s H1-2025 Threat Report reveals that infostealers have more than doubled compared to H2-2024, now making up almost a fifth of detections. South Africa is also the most targeted country in Africa for infostealer and ransomware attacks.
Recent industry surveys indicate that AI-driven cyberattacks shot up by 47% in 2025, leading to global losses in the tens of billions. From advanced phishing campaigns and ransomware creation to multi-agent hacking tools, automation has unleashed a relentless wave of attacks that overwhelm traditional defences. Criminals don’t need advanced technical skills anymore – often, persistence and access to large language models are enough to cause serious disruption. For South Africa, this means more account takeovers, large-scale phishing in local languages, and automated abuse against payment systems. The average cost of a data breach in South Africa stands at R44.2 million, with the financial sector bearing the heaviest burden, averaging R70.2 million per breach.
Cybersecurity: A top strategic priority in 2025
This reality highlights a wider global trend: cybersecurity isn’t a nice-to-have, it’s essential for business. The iGaming Trends Report 2025 by SOFTSWISS identified cybersecurity as one of the 15 most important global trends shaping the future of online gaming – one of the few that could make or break an operator. Here in South Africa, operators should align with POPIA and provincial regulatory expectations for security governance and incident communications, evolving regulations for betting and financial services are bringing stricter oversight, raising expectations for proven security. This focus on resilience, however, extends beyond technical cybersecurity to include dedicated efforts against player-driven financial fraud. Proactive efforts in this area are clearly making a difference; SOFTSWISS’s Anti-Fraud team, for instance, prevented over €15 million in fraudulent transactions and managed more than 56 000 related tasks between January and August 2025, demonstrating the tangible benefits of robust internal controls.
Technology-driven industries are particularly vulnerable. Unlike sectors focused on intellectual property, attacks on gaming, financial services, and digital commerce often aim for direct financial gain. With billions of transactions and vast amounts of sensitive customer data processed daily, these businesses are prime targets. Payments are another key area of pressure: the widespread adoption of digital payment methods means fast payouts and withdrawals are expected, but this also attracts fraud and mule accounts. This shifts more risk towards identity, session integrity, payout controls designed as “payouts with brakes” (tiered limits, holds and secondary checks on risky routes) rather than one-click flows.and the need for quick responses.
Evgeny Zaretskov, Group Chief Information Security Officer at SOFTSWISS, observes, “In iGaming, cybersecurity does more than just protect; it builds player trust and keeps businesses resilient and honest. In a world of constant threats, successful organisations are those that can foresee risks, react quickly, and be open when challenges arise. Security drives trust. Operators win when they spot fraud early, communicate clearly, and recover fast – all without spoiling the player experience.”
What iGaming teaches us: Building resilience for the 24/7 economy
The iGaming sector, with its round-the-clock global operations, offers a valuable model for other industries facing similar challenges. At SOFTSWISS, a leading iGaming software provider operating in many regions, cybersecurity is a top priority. The organisation established a Security Operations Centre (SOC) designed to run continuously, ensuring no gaps in defence. To serve its markets, SOFTSWISS ensures its systems meet local expectations, meaning security controls and monitoring integrate smoothly across local operator environments.
Beyond the technical infrastructure, SOFTSWISS also demonstrates a strong commitment to player well-being through its Responsible Gambling team. In the first half of 2025, this team reviewed around 16 000 cases, encompassing self-exclusion requests, proactive interventions, and behavioural checks. Their initiatives, including the launch of a Responsible Gambling Video Digest and bilingual training modules for support teams, underscore a unified approach to player protection and compliance across multiple jurisdictions.
The SOC needed to cover multiple in-house products, each with its own infrastructure, risk profile, and regulatory requirements. Instead of relying on expensive, all-encompassing enterprise solutions, SOFTSWISS built its SOC around open-source, automation-first tools. This approach brought scalability, cost efficiency, and – crucially – complete control over security processes. s. For South African traffic patterns, SOC playbooks prioritise account-takeover prevention, payout-abuse detection and high-signal bot management, with DDoS/API hardening as baseline hygiene.
Automation became central. Repetitive alerts and false positives are filtered and enriched before they reach human analysts, allowing them to concentrate on the most serious incidents. If a breach occurs, the organisation deploys a cross-functional Cybersecurity Incident Response Team (CSIRT), ensuring a rapid, coordinated response across infrastructure, applications, identity management, and communications. Practical improvements include automatic evidence preservation, coordinated holds on suspicious payouts with payment partners, and clear player communications to minimise harm and churn.
What this means for South Africa’s digital ecosystem
Miranda Guliashvili, Head of Regional Growth at SOFTSWISS, notes that South Africa’s digital economy is growing fast. “The evolving regulations for betting, fintech, and digital platforms bring both opportunities and risks,” she says. “Businesses in the country are increasingly attractive targets for cybercriminals looking for quick financial gains. This is also about market trust: only authorised, certified operators undergo audits, security assessments, and consumer-protection checks – while the grey market avoids these basic standards. Enforcement has increased, but users moving to illegal sites remains a worry.”
For South Africa’s operators, the takeaways are:
- Cybersecurity must be seen as a strategic investment, not just a cost. Back this up with verifiable practices: continuous security reporting, third-party attestations, red-team exercises, and a tested incident-readiness programme.
- Always-on SOCs and automation-driven defences are vital for sectors with high transaction volumes. “Always-on” matters because attackers automate: prioritise post-login protection (device binding, behavioural scoring) and risk-based payout controls, alongside high-fidelity bot detection and resistance to credential stuffing with leak intelligence.
- Cross-functional response models ensure resilience when incidents inevitably happen. Link security operations with fraud and payments operations so that session anomalies, mule patterns, and payout risks are quickly triaged and contained in one swift loop.
- Most importantly, trust is the most valuable asset in the digital age – and it can vanish overnight after a breach. Protect that trust with POPIA-aligned incident communications, strong account protection (e.g., passkeys/WebAuthn), and quick financial recovery options for affected users.
Staying ahead of AI-powered threats
As attackers use AI to scale their operations, defenders must match their speed. This means combining open-source adaptability, automation, and human expertise in a layered defence strategy. Go beyond the basics with an AI-ready defence stack:
- Real-time session-risk scoring and behavioural biometrics to stop automated account takeovers.
- Token binding and step-up authentication triggered by LLM-style phishing signals.
- Model-driven detection of scripted agents across web/mobile.
- Deception assets for bot management.
- Quick takedown pipelines linked to local language phishing hosts.
- Continuous purple-team drills to test controls against generative-attack playbooks.
The risks go beyond downtime or financial loss. A serious breach can lead to regulatory penalties, customer loss, and reputational damage that takes years to fix. For South Africa’s businesses entering the new regulatory era of digital gaming and financial services, strong cybersecurity isn’t just a technical requirement – it’s the bedrock of sustainable growth. Recent enforcement trends show that weak security governance and slow incident response can halt operations – and that rebuilding user trust is much harder than preventing the incident in the first place.
