Official website of the South African National CSIRT


What can businesses do to protect themselves from cyber attacks?

The Cybersecurity Hub encourages national industry to be prepared before incidents occur. This includes industry understanding its network, understanding the value of its information, and understanding how both are protected. Being prepared also involves a business understanding what constitutes normal behaviour on its network. By knowing this, a business is more likely to detect unusual behaviour.

Why partner with Cybersecurity Hub?

We encourage major businesses to partner with us for information sharing and best practice solutions in order to mitigate cyber incidents. Prevention is better than cure when critical business systems are at stake. By having this relationship in place, we can share information efficiently and effectively with businesses to help with prevention and if necessary, mitigation.

Why is it important for businesses to report cyber incidents?

Timely reporting of cyber incidents to the Cybersecurity Hub will allow us to form a more accurate view of cybersecurity threats and make sure that businesses receives the right help and advice. All information provided to us is held in the strictest confidence.

Why have I received an email from Cybersecurity Hub about my website and/or network?

If you own a website and/or network (i.e. you are the registered domain owner), you may receive an email from us to notify that your website may be hosting or redirecting to malicious content.

What about investigating cyber security incidents?

If your business has experienced a cybersecurity incident, depending on the nature of the received incident, if a cyber crime has been committed this may result in a police investigation. Law enforcement cyber crime teams are well aware of, and will attempt to minimise the potential business impacts a criminal investigation can have on an organisation. However, there are likely to be some effects that need to be weighed against business interests. This may involve considering whether or not you are prepared to keep the breached system open to preserve evidence, or shut down the system to prevent further intrusion – thereby running the risk of destroying potential evidence. If you would like to have a cybersecurity incident investigated by law enforcement:

  • individuals and small businesses are encouraged to report the incident to the Cybersecurity Hub
  • disconnect the compromised machine from the network and wait for law enforcement to respond
  • keep the system turned on – RAM data will be lost if a machine is powered down
  • leave the compromised machine alone – do not run programs or open files – leave this for law enforcement. Interacting with the machine can destroy forensic evidence and prevent an investigation from progressing; and
  • if virtualised, suspend the compromised machine and copy the related files to new media.

How do I report an incident to Cybersecurity Hub?

Cybersecurity Hub offers secure web forms for users to ( report incidents) and send an email to This email address is being protected from spambots. You need JavaScript enabled to view it..

How do I report a vulnerability?

Vulnerabilities can be reported to the Cybersecurity Hub by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it.


Incident coordination

Receiving, triaging, and responding to requests and reports, and analysing cyber incidents and events.

Cybersecurity assessment and advisory

Detailed review and analysis of constituent's publicly viewable assets.


Gather and develop security advisories and intrusion alerts to help constituents to protect their systems and networks.

Security-related information dissemination

Provision of a comprehensive and categorised collection of relevant publicly available documentation that aids in improving security.

Cybersecurity awareness building

Increase security awareness for citizens through the dissemination of various artefacts.

Identification of national standards

Identification of appropriate de facto rigorous, semantically correct,clear, and understandable standards.

Promotion of national standards

Promote the use of the de facto national standards, which facilitate threat sharing between the constituents of the Cybersecurity Hub via implementation of threat sharing platforms.

Establishment of Sector-CSIRTs

Promotion of collective capacity via public-private partnerships for the advancement of cybersecurity best practises all via the establishment of sector-CSIRTs.

Skills and training

Development and promotion of a national cybersecurity skills framework approved by relevant national institutions.