South Africa has recorded the highest cyberattack rate globally, according to a State of Workforce Password Security 2026 report, which warns that many organisations still lack visibility into user identities and access.
Released on World Password Day, the study underscores mounting risks as businesses face rising threats, regulatory pressure, and weak access controls.
Cyberattacks
With cyberattacks, identity security, and POPIA compliance continuing to dominate conversations locally, the findings speak directly to the growing pressure on businesses to strengthen access management and cybersecurity readiness.
The findings are stark: 36% of organisations reported cyberattacks – the highest worldwide – while 79% admitted they cannot fully track user identities and access.
‘Disconnect’
The report highlights a widening disconnect between escalating threats and basic security readiness.
“South Africa’s organisations are operating in an increasingly complex threat landscape, yet many still lack visibility into who has access to critical systems and data,” said Andrew Bourne, Regional Head at Zoho South Africa.
“As identity becomes the primary security perimeter, organisations must prioritise stronger access controls and password management to reduce risk and support compliance.”
Zero Trust
The study found 71% of organisations lack a Zero Trust strategy, while 58% flagged unmanaged third‑party access as a major risk.
Credential‑based threats such as phishing and compromised passwords continue to drive incidents, particularly in financial services, where sensitive data makes institutions prime targets.
While 73% of organisations plan to boost cybersecurity budgets and 87% believe AI can strengthen outcomes, Zoho cautioned that “closing the identity visibility gap will be essential to strengthening resilience, reducing cyber risk, and meeting regulatory requirements.”
SMB’s
Small and medium‑sized businesses remain especially vulnerable, with half lacking dedicated security teams. Rapid cloud adoption and reliance on third‑party vendors are further expanding attack surfaces, complicating oversight and compliance under POPIA.
Rapid cloud adoption, driven in part by infrastructure challenges, is further expanding the attack surface and increasing reliance on third-party integrations, thereby adding to the complexity of securely managing access.
Cybersecurity
Zoho said the findings position South Africa at a critical point in its cybersecurity journey.
“While awareness and investment are increasing, closing the identity visibility gap will be essential to strengthening resilience, reducing cyber risk, and meeting regulatory requirements,” according to the study.
The report positions South Africa at a critical juncture: awareness and investment are rising, but without stronger identity governance, businesses risk falling further behind in the fight against cybercrime.
