Disaster readiness often evokes images of physical emergencies, such as fires, storms, or floods. However, in the digital world, disasters are silent, invisible, and entirely online.
Their effects are no less real, spiralling into public emergencies that directly impact citizens’ access to essential services and erode public trust. So, what must governments prioritize before the next ransomware wave?
Ransomware has severe real-world consequences. When the digital infrastructure supporting towns, metros, provinces, and nations (from payroll systems to water treatment plants) is compromised or taken hostage, the civic and financial impacts are catastrophic. Ransomware readiness should demand the same urgency and strategic planning as any other disaster readiness plan, since the very fabric of urban life depends on these interconnected systems.
In 2023, a ransomware attack on the Municipal Water Authority of Aliquippa, Pennsylvania, disrupted operational technology systems. In Oakland, California, ransomware crippled financial systems and delayed vendor payments. Globally, similar attacks have temporarily disabled emergency services, hospital networks, and critical public infrastructure. These cases highlight that modern municipalities increasingly rely on interconnected systems vulnerable to disruption, directly affecting residents’ lives.
South Africa’s vulnerability and opportunity
South Africa is not immune to these escalating global threats. According to Fortinet’s FortiGuard Labs and Interpol’s cyber threat assessments, the country ranks among the most targeted globally for cybercrime. This is compounded by unique challenges facing South African local governments: many operate with a mix of legacy systems and newer digital interfaces, creating “blind spots” that attackers can exploit.
In fact, the Auditor-General of South Africa’s 2022-23 report highlighted that 71% of municipalities still had ineffective information security controls, indicating a widespread gap in fundamental cybersecurity practices.
The primary hurdle isn’t a lack of concern, though, but a severe shortage of resources and internal capacity. Local governments face pressure to modernize services while juggling limited budgets and a critical cybersecurity skills gap. While many are taking steps to strengthen digital governance, the focus must shift from reactive measures to proactive readiness to protect the public and ensure uninterrupted service delivery.
Just as cities prepare for physical emergencies with evacuation plans, fire drills, and emergency funds, it’s possible to implement robust and practical cybersecurity strategies that assume a breach is inevitable and focus on rapid recovery.
Always-on incident response: the cyber equivalent of a fire drill
Firstly, an always-on incident response is non-negotiable. This is the cyber equivalent of a fire drill—not merely a static document. It’s a dynamic plan, regularly practised and updated with clearly assigned roles for every stage of an incident, from detection to containment and recovery. For municipalities, this means establishing dedicated incident response teams, defining clear communication protocols with citizens, and conducting regular simulations. Swift action is critical to minimize public impact and restore essential services.
Microsegmentation: a digital floodgate
Microsegmentation acts as a digital floodgate, sealing threats in a watertight compartment and limiting damage. By logically dividing a network into smaller, isolated segments, it ensures that if one department’s systems (e.g., billing) are compromised, the attacker is prevented from moving laterally into more critical areas, such as the operational technology (OT) systems that directly control water, electricity, or traffic management. This proactive isolation is crucial for protecting essential public services.
Immutable backups: a digital insurance policy
The third pillar in any municipality’s readiness plan should take the form of immutable backups in a disaster-proof vault. Permanent data loss is a real possibility, especially with destructive ransomware attacks. Immutable backups offer a digital insurance policy by ensuring secure, unchangeable copies of critical data—from citizen records to operational configurations—are stored offline and out of harm’s way. This guarantees that vital public information and services can always be restored, even if primary systems are completely wiped or encrypted by attackers, ensuring continuity of governance and public trust.
Readiness is a shared responsibility
Given the realities of ransomware attacks at scale, cybersecurity has evolved past being a background IT function to a core area of civic responsibility. Just as municipalities need physical infrastructure to maintain service delivery, robust digital infrastructure is equally critical for public safety and the smooth functioning of society. The well-being of citizens increasingly depends on the uninterrupted functioning of these digital systems.
The cost of inaction and the path forward
The failure to prioritize digital disaster readiness carries severe consequences. Beyond immediate financial penalties and recovery costs, there is the long-term erosion of public trust. When essential services are disrupted and citizens are left in the dark, confidence in local government can plummet. This can lead to decreased civic participation, economic instability, and even national security implications if critical infrastructure is repeatedly targeted.
By proactively addressing vulnerabilities and embracing a holistic approach to digital disaster readiness, South African municipalities can build a secure foundation for the future. The next ransomware wave is a near certainty. The question is not whether we can stop every attack, but whether our systems are strong enough to keep serving citizens. With the right tools, training, and partners, South African local governments can build the kind of digital disaster readiness that protects systems as well as the people who depend on them. This includes leveraging public-private partnerships (PPPs) to disrupt cybercrime networks.
A prime example of such a successful PPP is the World Economic Forum’s Cybercrime Atlas initiative, which develops a global knowledge base to support law enforcement and dismantle criminal operations. These efforts ensure that the system and the people who depend on it are protected from cyberthreats, just as they are from fire and flood.
By Doros Hadjizenonos, Regional Director at Fortinet South Africa