South African companies are facing a sharper and more costly cyberattacks problem than many boards still realise. The threat is no longer limited to stolen data or locked systems; it now reaches into factories, mines, power infrastructure and day-to-day operations, where a digital breach can quickly become a physical disaster.
That warning matters in South Africa, where businesses are pushing hard on automation, digitalisation and remote monitoring to improve efficiency. The same technologies that boost productivity, however, can also create new weak points. If hackers get into operational systems, the impact can spread beyond IT departments and into plant floors, supply chains and service delivery.
Risk specialists say the growing overlap between cybercrime and physical assets is being driven by a more aggressive global threat environment. Recent attacks linked to conflict in the Middle East have shown how geopolitical tensions can spill into the cyber domain, with state-sponsored actors and hacktivist groups increasingly targeting critical infrastructure such as power grids and industrial facilities.
For South African firms, the implications are sobering. Many businesses assume their existing insurance will carry them through a cyber-related incident, only to discover later that the policy wording does not stretch far enough. In practice, that can leave companies underinsured or completely exposed when cyber incidents cause property damage or trigger prolonged shutdowns.
The issue is not just whether a company’s data is safe. It is whether a malicious or accidental cyber event can stop production, damage equipment, interrupt essential services or prevent staff from responding in time. In sectors such as mining, manufacturing and energy, that risk can translate into real-world danger within minutes.
Why cyberattacks are becoming a physical business risk
The conversation around cyberattacks has changed dramatically as attackers increasingly target operational technology, not just office networks. That includes the control systems that run industrial machinery, safety monitoring tools, smart building platforms and other systems that keep physical operations moving.
According to one estimate, the number of sites globally that suffered physical operational impairments due to cyber incidents jumped 146% in 2024, rising from 412 in 2023 to 1 015. Most of those incidents affected multiple sites, which shows how quickly one breach can ripple through a larger network of assets.
For Africa, the challenge is even more urgent because cyber insurance adoption still trails the scale of the threat. The Middle East and Africa cyber insurance market was valued at about US$283-million in 2024, and it is expected to grow. But the bigger story is the protection gap: many organisations still lack the kind of insurance cover and cyber controls needed to deal with cyber-physical loss.
Africa’s economic exposure is also significant. Cybercrime has been estimated to drain more than 10% of GDP across the continent, which works out to losses of more than $4-billion. Ransomware, rapid digital expansion and weak control environments continue to widen the risk pool for companies that rely on connected systems.
The mining sector is a good example of how quickly things can go wrong. A cyberattack on a mine can disrupt gas detectors, ventilation controls and emergency shutdown systems, creating dangerous conditions that may go unnoticed. If communications are hit as well, evacuations and emergency responses can be delayed.
Manufacturing plants face a similar problem. Malicious code can disable machinery, manipulate production lines or interfere with environmental controls that manage temperature and humidity. If safety systems are tampered with, the result can be injury, downtime and expensive repairs.
Power infrastructure is among the most vulnerable targets. A breach on a grid can affect generation, transmission and distribution systems, causing equipment failures, transformer overloads or damage to substations and switchgear. In extreme cases, that can lead to cascading failures, fires and wide-scale outages.
There have already been high-profile examples around the world. In 2021, a cyberattack on a US fuel pipeline stopped oil flow, while an attack on a German steel mill caused severe disruption and damage to a blast furnace. In another incident, a former hospital employee infected the facility’s systems with malware, putting the heating, ventilation and air-conditioning environment at risk and raising patient safety concerns.
The list of possible consequences is longer than many executives expect. Attacks can result in ransom payments, loss of access to engineering tools, broken visibility on alarms and human-machine interfaces, loss of historical data, disrupted quality assurance, compromised SCADA functions and damaged trust with customers, regulators and investors.
It is also worth remembering that not every cyber incident is deliberate. A major global technology outage in 2024, linked to a CrowdStrike software update, showed that even non-malicious events can trigger business interruption and operational chaos. For companies running complex systems, the result can look very similar to a hostile attack.
The insurance gap South African firms can no longer ignore
For many businesses, the problem is that traditional property cover no longer does what it once did. A decade ago, some property policies still absorbed certain cyber-related losses. Today, however, most modern property wordings exclude cyber risk, especially where the loss stems from digital intrusion, system manipulation or software failure.
That leaves physical cyber risk as one of the most significant uninsured liabilities on corporate balance sheets. Boards may believe they are protected because they carry property, liability or business interruption cover, but the exclusions often bite when a cyber event is the underlying cause.
The insurance market has responded by developing more specialised solutions. These are usually offered either through exclusionary buybacks or on an affirmative basis, where the policy specifically covers cyber-physical damage and related interruption losses. In plain terms, insurers are now being forced to write cover that reflects how modern businesses actually operate.
This shift matters in South Africa, where firms are balancing cost pressures, regulatory expectations and the need to keep operations running in an increasingly connected environment. If a cyber incident damages equipment or forces a shutdown, the financial impact can be severe long before a company even gets to the claims stage.
Our reporting shows that risk managers are being pushed to think more broadly about cyber resilience. It is not enough to focus on firewalls and passwords when a breach could stop a conveyor belt, corrupt a control room or disable emergency systems. That is why insurers and brokers are now placing more emphasis on site-level controls, technical assessments and business continuity planning.
Businesses are also being urged to look closely at their own gaps. That means mapping where digital systems connect to physical assets, checking whether cyber exclusions appear in property policies, and understanding how much revenue could be lost if a critical operation goes offline for hours or days.
Specialist risk advisers say a proper gap analysis is one of the best first steps. It can help companies identify where existing cover falls short, estimate the likely financial impact of a cyber-related property loss and decide whether additional cover is necessary.
The bigger lesson is that cyber risk is no longer confined to the screen. It has entered the plant room, the substation, the mine shaft and the factory floor. As South African companies continue to digitise, they will need to treat cyberattacks as both an information security issue and a physical operational threat, because that is exactly how the modern risk landscape now works.