by Patrick McLaughlin – parlyreportSA.com
ParlyReportSA provides business and political analysis from Parliament, Cape Town.
Cybercrime has become one of the most serious threats facing South Africa’s economy. Losses run into billions of rand every year, yet law enforcement capacity remains dangerously weak. The SAPS cybercrime units are thinly staffed and poorly equipped, struggling to keep pace with increasingly sophisticated syndicates operating across borders. 
In this context, the introduction of a Private Member’s Bill by Adv. Glynnis Breytenbach—a former prosecutor once feared for her courtroom precision—represents a rare and important intervention. It aims to shift the battle against cybercrime onto an independent and technically skilled institutional footing.
The reputational context
In 2023, the Financial Action Task Force (FATF) placed South Africa on its grey list, warning global investors and regulators that our systems for combating financial and cybercrime were inadequate. While the banking sector has strengthened compliance measures and the Reserve Bank has tightened oversight, the structural weakness remains: the state’s inability to investigate and prosecute complex digital crimes. FATF Grey Listing of South Africa
The National Prosecuting Authority has acknowledged major capacity gaps, and the South African Banking Risk Information Centre (SABRIC) reports that digital banking fraud losses exceeded R1.8 billion in 2024, almost double the year before. Yet SAPS registered only around 500 cyber-related cases—a stark mismatch that reveals just how limited the state’s capabilities are.
The Breytenbach proposal
Adv. Breytenbach’s Cyber Commissioner Bill proposes the establishment of an Independent Directorate for Cybercrime and Digital Evidence, modelled as a Chapter 9-type institution. This proposed office would be led by a Cyber Commissioner, empowered to:
- Investigate cyber offences under the Cybercrimes Act (2021);
- Coordinate international cooperation and intelligence sharing;
- Ensure the proper handling and admissibility of digital evidence.
Its preamble highlights two priorities: the need for specialist technical capacity and operational independence from the current SAPS hierarchy.
Political and institutional implications
Because it is a Private Member’s Bill, it faces resistance from government benches. It directly challenges the SAPS’s authority and the executive’s control over law enforcement. Creating a new independent directorate would transfer certain powers and resources away from SAPS, reviving debates reminiscent of the old Scorpions era. Critics will argue duplication or fragmentation, but supporters see it as necessary separation—between conventional policing and the increasingly specialised world of cyber enforcement.
Cybercrime Skills and capacity challenges
The Bill’s success depends not just on legislative approval but on skills. South Africa produces relatively few graduates in data science, AI, and forensic computing. Many are absorbed by private banks or recruited abroad. To be credible, any new cybercrime directorate must offer competitive salaries, modern training, and partnerships with universities and private-sector cyber specialists. Without these, it risks being symbolic rather than operational.
Why cybercrime matters for business
For business leaders, cyber threats are not abstract. They affect reputation, regulatory standing, and operational continuity. A single data breach can ripple through supply chains and erode trust among investors, regulators, and customers. Global compliance officers increasingly assess national risk based on the strength of a country’s cyber enforcement. South Africa’s weak record in this area undermines its standing and fuels the perception that its financial systems are unsafe.
Why a Cybercrime Bill matters
Even if Breytenbach’s Bill faces a difficult passage, it performs an essential function: it signals that South Africa’s Parliament is confronting the problem, not ignoring it. It places deterrence and digital capability at the centre of the national debate. For the private sector, it suggests that governance and cyber defence must evolve beyond internal IT departments to include national oversight and legal accountability. SABRIC 2024 Digital Banking Fraud Report
In conclusion
South Africa’s current cyber-response capacity is inadequate for the scale of the threat. The Cyber Commissioner Bill may not pass easily, but it reopens the discussion about institutional independence, deterrence, and technical competence. If Parliament takes it forward, the Bill could serve as a foundation for restoring international confidence and rebuilding the country’s reputation as a credible, digitally secure economy.
Patrick McLaughlin
ParlyreportSA.com