South Africa has The legislative basis but practical capacity to respond to nation-level cyber attacks has not yet been realized.
Earlier this week a wave of distributed denial-of-service (DDoS) attacks disrupted the connectivity of more than half a dozen South African hosting providers and internet experts, including 1-Grid, Xenilo, Network Platforms, Host Africa and Domains.co.za. Thousands of businesses downstream were affected, while upstream impacts disrupted connectivity through the Seacom undersea cable.
But industry players are divided on whether the government should respond or not. A senior networking expert quoted in TechCentral earlier reporting Criticized the government's apparent silence on the matter.
“If this had happened in the UK, US or Australia, there would already have been a government-level task team… actively assisting affected centres, exchanging indicators of agreement with foreign counterparts and issuing public technical advisories within 24 hours,” the expert said.
But others, including one of those directly affected, see it as an industry issue that should be resolved without government involvement.
“We have not reached out to the government on this matter. This is a matter of concern that should be discussed within the industry. We are considering our involvement,” Athena Turner, head of marketing at Xenilo, told TechCentral.
Supervision
Communications Minister Solly Malatsi responded by saying he was in talks with Presidential Minister Khumbudzo Ntshavweni on a coordinated approach.
“I am aware of the large-scale distributed denial of service attacks that have targeted South African web hosting and telecommunications companies over the past week and note the increased concern this has raised among businesses and the public,” Malatsi said.
“I am in dialogue with the Minister in the Presidency to ensure a coordinated whole-of-government approach to monitor these attacks and implement concomitant responses within the provisions of applicable law, including the Cyber Crime Act, given that the mandate for this lies with his department.”
Reading: SAPS cannot fight cyber crime alone
The Cyber Crime Act sits alongside Ntshavweni's portfolio, which also oversees the State Security Agency. According to lawyer Samantha Moloi, whether the state's response exceeds ministerial coordination is questionable. Thulamela ChambersWhose practice includes cyber security, AI law and technology.
According to Moloi, South Africa has the legal framework but lacks the practical capacity to adequately respond to a national-level attack.
Cyber Crime Act 19 of 2020 criminalizes unlawful access, interception of data, interference with data or computer systems and cyber extortion.
It also creates response tools, including prompt protection instructions, a designated point of contact, and reporting obligations for electronic communications service providers and financial institutions.
“In my view, and in short, the real weakness is capacity,” Moloi said.
Section 55 of the Act requires the Minister responsible for policing to establish and maintain adequate human and operational capacity to detect, prevent and investigate cyber crimes.
“That wording is important because it shows that the capability has not been estimated; it must still be built and maintained. It was promulgated in 2020; to date, we do not have a dedicated cyber division in SAPS, but there is fragmentation.”
For affected businesses, the first technical coordination point is the government's cybersecurity hub – although Moloi noted that its website is “on hold”, offering only an e-mail address to report incidents.
point of departure
Where an incident constitutes cyber crime, the statutory point of call is the South African Police Service, but the ability to investigate and prosecute remains open to question. Industry experts have first noted That the SAPS does not have the capacity to deal with cyber crime on its own.
Moloi argued that what is needed is not more legislation but practical response capacity: trained cyber investigators, technical incident responders, forensic capacity, real-time threat intelligence and a clear national coordination system linking SAPS, cybersecurity hubs, regulators, telecom providers, banks and other private infrastructure operators. A central cybersecurity hub, and possibly a dedicated court and prosecution unit, would be a sensible starting point, he said.
Reading: Extortionists 'Carpet Bomb' South African Internet Hosts
Moloi pointed to the UK's National Cyber Security Center – which investigates serious incidents, defines a cross-government response and provides direct support to victim organizations – as a practical model. Australia's Cyber Security Center and ReportCyberService, and Canada's Cyber Security Centre, follow a similar centralized approach.
Fragmentation has also been factored into the legislative landscape. The Cyber Crime Act sits alongside POPIA, the Electronic Communications and Transactions Act, RICA, the Electronic Communications Act and the Critical Infrastructure Protection Act – an AI Act is expected to follow.
A single attack can simultaneously impact SAPS for criminal offences, cyber security hubs for coordination, information regulators for personal information, Icasa for electronic communications and critical infrastructure structures where essential services are affected.
“Without a clear national incident command structure, departments may respond in silos rather than in a coordinated state response,” Moloi said.
For now, Malatsi's association with the presidency is a clear sign that the matter has reached cabinet level, even if, according to Moloi, the deeper problem is one that Pretoria has yet to resolve. – © 2026 NewsCentral Media