The Communications Risk Information Centre (COMRiC) is a nonprofit association that describes themselves as “South Africa’s frontline defence against telecommunications crime” and its leadership team includes Chief Risk Officers and other leading executives from all of the country’s largest telcos. So it is worth paying attention to the findings in their first Telecommunications Sector Report, which was issued recently. The report includes contributions from all of South Africa’s major comms providers, including MTN, Telkom, Liquid and CellC. Vodacom’s contribution described the publication of the report as “a significant milestone”.
One observation that will also stir debate in other countries is the demand that simboxes be tackled by introducing a nationwide ban and import controls, as already established in some other African countries and adopted by the UK earlier this year. The report praises the extent to which Tanzania and Ghana have reduced fraud by targeting simboxes. The message from COMRiC CEO Thokozani Mvelase to the Independent Communications Authority of South Africa (ICASA), the national comms regulator, could not be any plainer.
We are also urging ICASA to enforce a ban on sim box modems, many of which are smuggled in without regulatory approval. These devices threaten network security, intercept messages, and bypass lawful surveillance systems. Their continued use undermines national efforts to protect digital infrastructure.
The association offered many other valuable insights and recommendations, several of which are also relevant to other countries. Here are five other takeaways from their report.
1. SIM swap fraud enables a lot of financial crime
In 2024… nearly 60 percent of mobile banking fraud [was] linked to SIM swap crimes.
2. Network security requires investment in human beings too
Workforce-related risks are emerging more clearly in 2025. Burnout in cyber teams, skills shortages, and resistance to AI integration have become more prevalent compared to 2024.
The problems that telcos have with recruiting and retaining cybersecurity professionals reflects a more general problem with the availability of suitable staff.
Many cybersecurity jobs are not being filled. 63% of roles remain open because there aren’t enough trained people.
3. Attacks on physical infrastructure reflect wider economic factors
Copper theft remains strongly correlated with global commodity prices, while lithium battery theft surged during load shedding.
4. There is a need for a nationwide sense of priorities that crosses boundaries between silos
Financial institutions, retailers, law enforcement, and regulators all have a stake to secure digital infrastructure. COMRiC continues to foster public-private collaboration models that cut across silos. We advocate for enabling legal frameworks to share actionable fraud intelligence while respecting privacy law, and we support harmonised regulation that addresses the rising use of OTT services…
Cross-sector collaboration is not only essential for mitigating current and emerging risks, but also for reinforcing the strategic role of the telecommunications sector within the national economic ecosystem.
5. South Africa should have a national strategy for security and resilience
A section of the report entitled “The Urgent Need for a National Cybersecurity Resilience Plan in South Africa” presents a manifesto for change. It begins:
COMRiC calls for a National Cybersecurity Resilience Plan (NCRP) to unify government, business, law enforcement, and cybersecurity experts.
Urges urgent and coordinated action to strengthen South Africa’s cybersecurity infrastructure.
Welcomes government focus on cybercrime, AI-driven fraud detection, and digital infrastructure investment but stresses need for faster implementation and integration.
And More…
The 42-page report also touches upon issues of specific relevance to South Africa, such as recent arguments over whether there should be exceptions to Broad-Based Black Economic Empowerment (BBBEE) rules for satellite comms businesses like Elon Musk’s Starlink. On this particular point, it was notable that an association of traditional telcos was sympathetic to the disruption caused by satellite comms because of the economic growth that would be released by connecting more of the rural population to the internet.
COMRiC’s report is not perfect, and sometimes falls into the trap of repeating international statistics that have little credibility. The report is otherwise a good step forward for cooperative risk management in South Africa. It argues cogently for changes that would benefit the whole of South Africa and not just its existing comms providers. Other national associations should use the report as a template for bringing together and expressing the views of senior risk leaders working within the comms sector. Many of the recommendations also deserve consideration in other countries.
You can read the report here.



