Official website of the South African National CSIRT


What can businesses do to protect themselves from cyber attacks?

The Cybersecurity Hub encourages national industry to be prepared before incidents occur. This includes industry understanding its network, understanding the value of its information, and understanding how both are protected. Being prepared also involves a business understanding what constitutes normal behaviour on its network. By knowing this, a business is more likely to detect unusual behaviour.

Why partner with Cybersecurity Hub?

We encourage major businesses to partner with us for information sharing and best practice solutions in order to mitigate cyber incidents. Prevention is better than cure when critical business systems are at stake. By having this relationship in place, we can share information efficiently and effectively with businesses to help with prevention and if necessary, mitigation.

Why is it important for businesses to report cyber incidents?

Timely reporting of cyber incidents to the Cybersecurity Hub will allow us to form a more accurate view of cybersecurity threats and make sure that businesses receives the right help and advice. All information provided to us is held in the strictest confidence.

Why have I received an email from Cybersecurity Hub about my website and/or network?

If you own a website and/or network (i.e. you are the registered domain owner), you may receive an email from us to notify that your website may be hosting or redirecting to malicious content.

What about investigating cyber security incidents?

If your business has experienced a cybersecurity incident, depending on the nature of the received incident, if a cyber crime has been committed this may result in a police investigation. Law enforcement cyber crime teams are well aware of, and will attempt to minimise the potential business impacts a criminal investigation can have on an organisation. However, there are likely to be some effects that need to be weighed against business interests. This may involve considering whether or not you are prepared to keep the breached system open to preserve evidence, or shut down the system to prevent further intrusion – thereby running the risk of destroying potential evidence. If you would like to have a cybersecurity incident investigated by law enforcement:

  • individuals and small businesses are encouraged to report the incident to the Cybersecurity Hub
  • disconnect the compromised machine from the network and wait for law enforcement to respond
  • keep the system turned on – RAM data will be lost if a machine is powered down
  • leave the compromised machine alone – do not run programs or open files – leave this for law enforcement. Interacting with the machine can destroy forensic evidence and prevent an investigation from progressing; and
  • if virtualised, suspend the compromised machine and copy the related files to new media.

How do I report an incident to Cybersecurity Hub?

Cybersecurity Hub offers secure web forms for users to ( report incidents) and send an email to This email address is being protected from spambots. You need JavaScript enabled to view it..

How do I report a vulnerability?

Vulnerabilities can be reported to the Cybersecurity Hub by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it.

Keep Safe Online:

Online Safety

Device Security

Malicious Software Countermeasures






Report Cybersecurity related incidents to Cybersecurity Hub

You can also call SAPS on: 08 600 10111