Trojan Malware and Cybercrime Risk: Legal Duties and Cybersecurity Obligations for Businesses

History’s most famous security breach did not involve force, fire or siege engines. The city of Troy fell because it trusted what appeared to be a gift. The Trojan Horse was welcomed inside the city walls, only for its hidden occupants to emerge once the gates were closed. That lesson has endured for centuries, and it remains strikingly relevant in the digital age.

Modern “Trojan” malware operates on precisely the same principle. Malicious software is disguised as something safe, useful or routine, such as an email attachment, software update, invoice, or link. Once activated, it allows unauthorised access to systems, data and networks, often with devastating consequences. Businesses today are just as vulnerable to deception as ancient Troy, and the legal consequences of a cyber incident can be severe.

Cybersecurity is therefore no longer a purely technical concern. It is a legal, operational and governance obligation.

The legal framework governing cybercrime in South Africa

South Africa’s primary legislative response to cyber threats is the Cybercrimes Act 19 of 2020. The Act creates a comprehensive framework for the prevention, investigation and prosecution of cybercrime and imposes obligations on certain institutions, particularly financial institutions, to detect, report and preserve evidence of cyber incidents.

The Act criminalises a wide range of conduct that commonly arises from malware-based attacks, including unlawful access to computer systems or data, unlawful interception of data, interference with data or systems, and the creation, possession or use of malicious software tools. Cyber fraud, cyber forgery and cyber extortion are also expressly criminal offences under the Act.

From a compliance perspective, this means that businesses can no longer treat cyber incidents as purely internal IT matters. Certain incidents must be reported to the South African Police Service, and failures in prevention or response may expose organisations to regulatory, civil and reputational risk.

Common cyber threats facing businesses and organisations

Cybercrime takes many forms, but several recurring threat patterns dominate modern incidents. Understanding these risks is essential not only for operational security but also for legal compliance and risk management.

Social engineering and deception-based attacks

Social engineering attacks exploit human behaviour rather than technical vulnerabilities. Attackers impersonate trusted or authoritative figures and use promised rewards, demands for urgent action or requests for assistance to manipulate individuals into disclosing sensitive information or performing harmful actions.

These attacks often involve fraudulent emails, messages or phone calls and are effective because they bypass technical safeguards by targeting human error. Under South African law, such conduct typically constitutes cyber fraud and related offences under the Cybercrimes Act.

Ransomware attacks

Ransomware remains one of the most damaging forms of cybercrime affecting businesses. Victims are often infected through compromised websites, malicious email attachments or deceptive links. Once installed, ransomware encrypts data or blocks access to systems, after which the attacker demands payment in exchange for restoration.

Beyond the immediate operational disruption, ransomware incidents raise complex legal issues, including reporting obligations, data protection liability and potential exposure under financial crime legislation.

Malware and malicious software tools

Malware is a broad category that includes viruses, spyware, worms and Trojan software. These tools enable attackers to steal information, monitor activity, corrupt systems or execute unauthorised actions without detection.

The creation, distribution and use of malware are expressly criminalised under South African law. In addition to criminal liability for perpetrators, organisations that fail to secure systems adequately may face regulatory scrutiny where negligence contributes to data breaches or financial loss.

Man-in-the-middle attacks

Man-in-the-middle attacks occur when an attacker secretly intercepts communications between two parties. These attacks are particularly common on unsecured or fake public Wi-Fi networks, where users unknowingly transmit sensitive information through compromised connections.

Such attacks may involve unlawful interception of data, a specific offence under the Cybercrimes Act, and can result in credential theft, financial fraud and identity compromise.

Insider threats

Not all cyber risks originate outside the organisation. Insider threats arise where employees, contractors or service providers abuse authorised access to systems or data for personal gain or malicious purposes. These incidents are often the most difficult to detect and may involve fraud, data theft or sabotage.

From a legal perspective, insider incidents raise issues of access control, internal governance, and employer responsibility to implement adequate safeguards.

Legal and practical measures to mitigate cyber risk

Effective cybersecurity requires a combination of technical controls, legal compliance and organisational discipline. Businesses that fail to take proactive steps expose themselves not only to cybercrime, but also to regulatory and civil liability under South African law.

Governance frameworks and internal policies

Organisations should implement a structured compliance framework that identifies applicable laws, maps operational risk and adopts internal policies to ensure compliance. Key policies include incident response plans, cybersecurity governance policies, and data protection and privacy policies aligned with applicable legislation.

Training and cybersecurity awareness

Human error remains one of the most common entry points for cybercriminals. Regular training and awareness programmes are critical to ensure that employees can identify phishing attempts, suspicious attachments and social engineering tactics before damage occurs.

Access control and data minimisation

Sensitive information should be accessible only to authorised individuals. Limiting access rights, implementing role-based permissions and regularly reviewing access controls significantly reduce the risk of both external and insider threats.

Investment in technical safeguards

Maintaining updated systems, applying security patches, encrypting sensitive data and enforcing strong authentication measures are essential components of cyber resilience. Cybersecurity investment is no longer optional; it is a necessary cost of doing business in a digital environment.

Preparedness and incident readiness

Cyber incidents are no longer a hypothetical risk. Organisations must assume that an incident will occur at some point and prepare accordingly. Continuous monitoring, regular risk assessments and tested incident response procedures are essential to limiting damage and ensuring legal compliance when incidents arise.

Conclusion

The story of the Trojan Horse endures because it captures a fundamental truth: the greatest threats are often those we invite in ourselves. In the digital era, cybercrime thrives on deception, trust and complacency. Legal compliance, vigilance and preparedness are the modern equivalents of fortified city walls.

For businesses, cybersecurity is no longer just about protecting systems. It is about meeting legal obligations, safeguarding stakeholders and preserving organisational integrity. The cost of ignoring these responsibilities can be far greater than the investment required to prevent harm.

In a world where cyber threats are increasingly sophisticated, resilience begins with awareness, governance and the willingness to question what appears harmless before it is allowed through the gate.