Protecting South Africa’s grid against cyberattacks is now as important as physically securing power stations, and electricity smart meters in the country are particularly vulnerable.
Cybersecurity platform KnowBe4 recently warned that cyberattacks are rising in South Africa, and the energy sector is no exception.
“The energy sector is firmly within this trend, with phishing emails and social engineering remaining primary entry points for attackers, including attempts to trick energy company staff into clicking malicious links,” it said.
The organisation explained that, while South Africa has moved to introduce protections, such as the Critical Infrastructure Protection Act of 2019, enforcement and operational readiness lag behind.
It highlighted that no major energy sites had been officially designated under the act as of late 2023 , the government’s last public update around the issue.
However, Eskom and a growing pool of Independent Power Producers (IPPs) have increasingly started to digitise their operations, integrate renewables into the grid, and roll out smart meters.
KnowBe4 warned that this means the country’s energy infrastructure is becoming a high-value target – and a dangerously vulnerable one.
It said South Africa’s strained, load-shedding-prone grid faces mounting cyber threats, and the organisation warned that smart meters are not helping this problem.
Eskom defines a smart meter as an advanced type of digital electricity meter that records when and how much electricity is consumed and deducts from the amount consumed from a prepaid balance loaded by the customer.
The problem with smart meters
Over the past few years, Eskom and municipalities have been on a major drive to roll out more smart meters into South African households.
This is because they better allow the utility to track usage and prevent theft and fraud, such as illegal tokens.
The utility also sees it, in part, as a way to address its mounting municipal debt problem, as these meters better track usage and, therefore, payments for electricity.
However, KnowBe4 warned that the rollout of these smart prepaid meters introduces a slew of new cybersecurity risks.
“Smart meters are not inherently unsafe. New models use encryption protocols under the Standard Transfer Specification (STS), with tamper detection and secure firmware updates,” the organisation said.
“However, real-world breaches reveal that it’s not always the meters themselves, but the backend systems that are compromised.”
For example, in 2022, Eskom’s online token vending platform was breached internally, allowing illicit prepaid electricity tokens to be generated.
A few years prior, in 2019, City Power’s IT systems were crippled by ransomware, preventing customers from topping up their prepaid electricity
In addition, researchers have simulated attacks where compromised smart meters could trigger load oscillations, overwhelming substations and even whole energy grids.
“In South Africa, where loadshedding already forces dynamic rebalancing of supply and demand, even a small-scale coordinated cyberattack on smart meters could have outsized effects,” KnowBe4 warned.
Perfect storm of risks
KnowBe4 said South Africa’s ongoing load-shedding crisis also significantly increases the risk and potential impact of even smaller cyberattacks on the grid.
“As disconcerting as the risks to grids are with cyberattacks increasing, the consequences are even more dire for grids that are already struggling,” it said.
This is because energy infrastructure under stress is far less resilient to additional shocks.
The organisation explained how, during load-shedding, utilities rely on intricate, real-time load-balancing across increasingly fragile networks.
It warned that cyberattacks exploiting this fragility, such as mass smart meter disconnects or fake load signals, would require far less effort to trigger instability or cascading failures than would be required to destabilise stable grids where supply isn’t constrained.
International case studies validate these fears, with KnowBe4’s 2025 EU Energy Report emphasising the cyber battlefield emerging around European utilities.
In 2023, the International Energy Agency noted that cyberattacks on EU utilities had more than doubled between 2020 and 2022, with attackers increasingly targeting operational technologies.
“The same vulnerabilities are being introduced locally as South Africa races to install more remote-controllable infrastructure,” KnowBe4 warned.
Compounding these technical vulnerabilities is a severe shortage of cybersecurity skills in South Africa.
The CSIR previously reported that 63% of cybersecurity roles in South African companies are unfilled or only partially filled.
“At the same time, only 32% of companies train a majority of their employees in cybersecurity , leaving the door wide open for phishing and social engineering attacks, still the top entry points into critical systems,” KnowBe4 said.
“The exploitation of the human element is especially dangerous in energy infrastructure, where compromising just one employee’s credentials could provide a bridge into operational networks.”
Protecting the grid
KnowBe4 security awareness advocate Martin Kraemer explained that while South Africa has introduced protections, the country is still poorly prepared.
He said building resilience must move from legislation to practical implementation:
- Critical sites must be formally designated and fortified, both digitally and physically.
- Utilities must better secure smart meter backends, encrypt communications end-to-end, and segment operational networks from administrative systems.
- Incident response plans must explicitly include cyberattack scenarios during loadshedding periods, not just normal operations.
- Real-time monitoring and anomaly detection must be mandatory for all IPPs connected to the grid.
- Ongoing security awareness training must be prioritised, particularly for frontline energy workers.
“The protection of critical infrastructure is paramount, as the research highlights how cyberattacks can cause widespread disruption across the energy sector, impacting everything from power generation to distribution,” Kraemer warned.
“The need for continuous education, investment in threat detection technologies, and cross-border collaboration to safeguard power infrastructure against escalating cyber threats has never been clearer.”
“For South Africa, where supply is already fragile, the consequences of inaction could be devastating. Fortifying the grid against cyberattacks is now as important as physically fortifying power stations themselves.”
