The cost of a cyberattack is colossal: loss of millions in revenue due to downtime of mission-critical machinery, huge sums paid in ransom, and a tarnished reputation among customers and other stakeholders. The stakes couldn’t be higher!
Isn’t it high time heavy industries in Africa took seriously the high-risk threats of cyberattacks their IT systems face from criminals?
By Jimmy Swira
Unlike their predecessors, reliability and maintenance personnel in African heavy industries currently have the luxury of monitoring their assets remotely from their devices anywhere in real time (or near real time). Some can even do this while on holiday. They have smart technologies to thank for that.
The advantages
The advantages this has brought to machinery reliability have been unprecedented: improved uptime, reduced OPEX (maintenance-related), safety, and environmental compliance. Plant engineers couldn’t ask for better convenience.
The downside
However, the downside is that a new threat has emerged in smart technology-driven industries: escalating and fast-evolving cyberattacks. What makes this threat more deadly is that it is always lurking. It is ready to pounce on the most vulnerable systems in industry.
Criminals’ weapons of choice
Usually, based on trends observed in reported incidents, the following are weapons of choice for cybercriminals who execute the attacks with surgical precision: ransomware attacks, phishing and social engineering, malware, and distributed denial of service attacks (DDoS). And don’t rule out the scope of options widening (they are a creative lot).
Introspection
Considering this, there is need for some introspection: Should reliability and maintenance teams in heavy industries be worried about potential cyberattack risks to mission-critical equipment? Could the risks they face be real or exaggerated?
Unfortunately, businesses – heavy industry with no exception – have always taken warnings about attack risks to IT networks with a pinch of salt.
Cyber Cynicism
In heavy industry, cynicism about the magnitude of cyberattack risks persists.
From an OPEX perspective, companies still view investment in protecting their IT systems as an afterthought. It is seen as non-core to their businesses, a frivolous expense by ‘prudent’ personnel in the finance departments. Some even go further, questioning: Could this be a marketing gimmick for software developers and vendors to increase their bottom line with billions in revenue, cashing in on fear?
Add to that the inherent conservative attitude about new technologies or trends in heavy industry, and you have widespread indifference.
Compounding matters, others have a false sense of security: “We are only in Africa, seriously, who can target our systems? We are nowhere near the radar of global bad actors. We are not in the league of corporate giants like Apple or Tesla.”
Well, if only that were true.
The continent’s vulnerability
It has to be acknowledged that doubts about the extent of the continent’s vulnerability to cyberattacks could be understandable to an extent.
For a long time, businesses in Africa have regarded cyberattacks as the preserve of Western countries. Over ten years ago, they used to learn about devastating attacks on overseas corporations through Western media outlets. At the receiving end were mostly tech firms and financial services providers.
In recent years, however, these attacks would assume new dimensions, hitting heavy industries like power generation, construction, and petrochemical firms with devastating effect.
Then, the probability of a cyberattack on a local front (on the African continent) was generally considered remote.
But not anymore.
Reality Hits Home
Now, the reality has hit home – and hard at that. A few among numerous reported cases in some African countries show this.
- South Africa
In a press statement (SAA Cybersecurity Incident Update, Johannesburg, issued on 11 June 2025), state-owned enterprise (SOE) South African Airways (SAA) confirmed that a cyberattack briefly disrupted its operations, though core functions remained unaffected. It called this “an external breach of information technology systems,” disclosing that the cyberattack affected certain IT servers containing stakeholder information.
There have been high-profile cases preceding this in the same country affecting another SOE several times (talk about lightning striking not twice, but many times)
In 2022, another SOE, power utility Eskom, was under a ransomware attack. The perpetrators threatened to offer information from the company’s servers for sale on the dark web.
In February 2024 in a déjà vu, Eskom acknowledged another possible data leak and malware infection threat.
It is not that other countries on the continent are immune. If organisations in the continent’s most developed economy with the most sophisticated ICT sector face attacks, what about those in least-resourced countries?
2. Other countries
Elsewhere, critical infrastructure was not spared. In Kenya, for instance, there was a breach at the Kenya Urban Roads Authority (KURA). In Nigeria, government databases, such as those of the National Bureau of Statistics (NBS), were hacked.
What is worse, there has been a noticeable escalation in business email compromise (BEC) in 11 African nations.
Power generation facilities are attractive targets for cyber criminals.
Escalating risk
Worryingly, the risk is escalating across the continent in general, according to INTERPOL’s 2025 African Cyberthreat Assessment Report, released recently. The report provides crystal-clear insight on the prevalence of cybercrime in Africa, especially in critical industries. It indicates that two-thirds of African member countries identified cyber-related offences as accounting for a medium-to-high share of all crimes.
Devil in the Details
If there are any doubts, surely the devil is in the details contained in the report. Data from Kaspersky, one of the sector partners working with INTERPOL’s Cybercrime Directorate, shows that suspected scam notifications rose by a staggering 3,000 percent.
More to the point, there were record increases in ransomware detections in some African countries. The following countries were most affected, in order of severity:
• South Africa, 17,849
• Egypt, 12,281
• Nigeria, 3,459
• Kenya, 3,030
This hierarchy of severity is no coincidence, as these countries are ranked the most digitised on the African continent.
Tip of the Iceberg
Probably, the information released by INTERPOL could only be the tip of the iceberg. Do not rule out cyberattacks on equally large organisations that remain undisclosed to avoid causing panic among clients and stakeholders or to protect their reputations.
Real – Not exaggerated – threat
All told, if there are lingering doubts about the vulnerability of Africa’s critical industries to cyberattacks, this information should settle it once and for all. The bottom line is: the threat is real, and not exaggerated as widely believed.
So, where does this leave heavy industry? Can it continue remaining indifferent to the operational risk, stick its proverbial head in the sand like an ostrich? Certainly not.
A heavy magnet for criminals
In heavy industry, cybercriminals could target sensitive information, including designs for critical infrastructure or financial details of projects. Typically, this information is shared electronically and on numerous devices with contractors, subcontractors, suppliers, and clients, making heavy industries a magnet for criminals.
Cybercriminals recognise the valuable data, large sums of money, and critical infrastructure these industries handle. These factors make the industries lucrative targets.
Referencing construction in particular, in an article, The Evolution of Cybersecurity in the Construction Industry, Morag Evans, CEO of Databuild, highlights vulnerability due to extensive network of contractors involved in projects: “The cybersecurity maturity of each of these businesses can be massively different, resulting in multiple potential entry points for attackers.”
Other sectors such as petrochemicals, mining, and manufacturing could be just as vulnerable – even worse considering the increasingly digitised machinery they use.
Risks to asset reliability
Certainly, from an asset reliability perspective, companies should be more concerned about the risks of cyberattacks. Operation and maintenance teams share real-time data about machinery health such as temperature, component wear, among others, to ensure they carry out predictive maintenance. This ensures minimal interruption to productivity. In the event of an anomaly, they make timely interventions.
Hence, consequences of a cyberattack would be too ghastly to contemplate – downtime to production resulting in losses, huge sums of ransom money (in most cases you’re talking about millions), and reputational damage in the eyes of stakeholders. These are burdens companies would bear when they are focusing on the bottom line.
Compelling case for proactivity
Surely, the stakes couldn’t be higher!
Without a doubt, for heavy industries, there is compelling evidence for proactive action by moving from resisting calls to enhancing their cybersecurity to achieving significant readiness.
This even applies to companies that have invested in supposedly robust systems. It is better to err on the side of caution.
A case in point is that some of the most deadly cyberattacks documented by the INTERPOL report have occurred to companies. Companies that thought their firewalls were impregnable only to be ruthlessly breached. The fact is that criminals are always a step or two ahead of their would-be victims.
The approach
In view of this, organisations must be vigilant.
Specifically, to address prevailing vulnerabilities, Evans has a suggestion on how construction companies can prioritise cybersecurity alongside traditional safety measures. For sure, this approach could be replicated in other heavy industries to good effect.
“The first step is constantly raising awareness. Management must understand how important it is to protect the digital assets of a construction project,” he says, pinpointing the following as critical: adopting cybersecurity protocols, training employees to recognise threats, and investing in secure digital infrastructure.
Three Ps for robust cybersecurity
Fundamentally, Evans advises companies to follow three Ps as part of a proactive approach to their cybersecurity programmes: prevention, protection, and preparation.
“Prevention involves taking steps to reduce the likelihood of an attack, for example, using secure communication channels and regularly updating software.
“Protection centres on safeguarding systems through firewalls, encryption, and other security measures.
“Finally, preparation entails making sure companies have a response plan in the event of an attack. This can help minimise damage and ensure faster recovery.”
OPEX for digital transformation
The long and short: cybersecurity must be included in an organisation’s OPEX allocated for digital transformation. What is the gain in attempting to save costs by overlooking cybersecurity only to incur millions in revenue loss due to downtime of mission-critical machinery, extortionate ransom payments, and reputational damage? That would be penny wise and pound foolish!
Mindset shift
Without question, it is high time for a mindset shift in heavy industries – from resisting beefing up cybersecurity to embracing robust measures to achieve system readiness in the face of fast-evolving cyber threats and protect their mission-critical assets.
