Abstract
This study examines the legal duty of South African financial institutions to protect customers against economic cybercrime in an increasingly digital financial environment. As banking platforms shift towards digital channels, customers face growing exposure to cyber threats, including phishing, identity theft, and unauthorised access to financial information.
Despite South Africa’s adoption of several laws such as the POPIA, the Cybercrimes Act, and FAIS cybercrime against customers remains prevalent.
The research explores both national and international legal frameworks influencing cybersecurity obligations, highlighting the global impact of instruments like the European Union’s General Data Protection Regulation (GDPR). It also analyses key challenges faced by financial institutions, including weak internal controls, evolving cyber threats, and the need for greater collaboration between regulators, industry players, and customers.
Furthermore, insufficient cybersecurity directly impacts the resilience of the financial sector. Cyberattacks can disrupt payment systems, compromise the integrity of financial data, and trigger cascading effects across interconnected financial institutions. This interconnectedness amplified by digital transformation and cloud computing means that a single breach in one institution can propagate across the entire financial network, leading to systemic financial instability.
Additionally, this study assesses the potential of technological innovations such as Artificial Intelligence (AI) and Computer-Assisted Audit Techniques (CAAT) in strengthening cybersecurity practices and mitigating risks.
The research concludes that while legal duties are established, more effective implementation, enforcement, and technological integration are required to fully protect customers. Strengthening institutional governance, adopting proactive security measures, and enhancing customer awareness will be essential for building a secure and resilient financial sector in South Africa.