Official website of the South African National CSIRT

Incident Management Process

The Cybersecurity Hub is the country’s National Computer Security Incident Response Team (CSIRT). The aim of the Cybersecurity Hub is to establish sector-CSIRTs and to co-ordinate activities and incidents across these sector-CSIRTs and constituents (of which you – the public – is one).

The Cybersecurity Hub does not resolve cybersecurity incidents, but routes cybersecurity incidents received, to the applicable authorities for resolution. As an example, where we receive a cybersecurity incident related to the banking industry, we will route the cybersecurity incident to the banking sector CSIRT, who in turn will route the cybersecurity incident to the bank in question. Cybersecurity incidents related to cybercrime or cyberbullying is routed to the South African Police Service (SAPS) for resolution. These authorities are then responsible for the investigation and resolution of the incidents.

The Cybersecurity Hub currently operates from 08:00 to 16:30 weekdays, and excluding public holidays. The Cybersecurity Hub incident management process works as follows: 

  1. An incident is submitted through this website, or through e-mail.
  2. Once you have clicked on submit, you will receive a reference number via e-mail.

    Please keep this safe since you will be asked to provide the reference number during future correspondence with the Cybersecurity Hub.

    You might want to contact the Cybersecurity Hub as you become aware of more information which could assist in the investigation and resolution of the incident, or where you have not received feedback in a timely fashion (please see 5 below)

  3. The Cybersecurity Hub will route your incident to the appropriate authority. This happens during office hours, from the time the Cybersecurity Hub receives the cybersecurity incident.
  4. The identified authority will respond to the Cybersecurity Hub with a reference number of its own. This reference number is then captured as part of your cybersecurity incident.

    Once this step is complete, the identified authority is responsible for the resolution of the incident.

  5. The identified authority will correspond with you directly as part of the incident investigation and resolution process. The Cybersecurity Hub has no control over the incident investigation and resolution process.

    If you have not received feedback after 5 working days, please contact the Cybersecurity Hub through an e-mail, quoting your reference number. The Cybersecurity Hub will then contact the identified authority for feedback.

  6. You will receive confirmation on closure of the incident.

Keep Safe Online:

Online Safety

Device Security

Malicious Software Countermeasures






Report Cybersecurity related incidents to Cybersecurity Hub

You can also call SAPS on: 08 600 10111