South Africa has spent half a decade building the legal architecture to fight cyber-crime. The Cybercrimes Act 19 of 2020 criminalises cyber fraud, forgery, and extortion, and grants police sweeping powers to search, access, and seize digital evidence. What the country has not done is fund the people who must actually collect that evidence in a way courts will accept.
On 8 June 2026, the Democratic Alliance's police spokesperson Lisa Schickerling published a parliamentary reply showing that between 1 April 2025 and 27 February 2026, the South African Police Service (SAPS) provided zero digital forensics training to detectives at the country's 35 highest-crime police stations — places like Nyanga, Inanda, and Delft. Over the same eleven months, just 15 detectives across all 35 stations received financial-investigation training. The detective corps meant to staff these stations is itself hollowed out: 2,480 of 3,496 funded posts are filled, against an approved establishment need of 4,607.
The case for the regulators
The instinctive response is to defend SAPS. Detective training is expensive, digital forensics tooling is specialised, and a police service facing one of the world's highest violent-crime burdens will rationally prioritise murder and robbery dockets over phishing cases. The Portfolio Committee on Police, in a 5 June 2026 statement, acknowledged a 5.6% budget increase and framed the problem as one of attrition and competing priorities rather than malice. On that reading, the training gap is a triage decision by an under-resourced service, not a policy failure.
That steelman holds only until you look at what the gap actually destroys. This is not a story about declining to chase low-value crimes. It is a story about a state that has already criminalised conduct, already funded the posts, and already passed laws premised on collecting digital evidence — and then declined the comparatively cheap training that makes any of it enforceable.
Untrained hands make evidence inadmissible
The technical detail in the DA reply matters more than the headcount. Digital evidence is fragile in ways physical evidence is not. As Schickerling noted, an untrained detective who simply powers on a seized phone without a Faraday bag can alter timestamps and metadata — and a defence advocate will move to have the entire device excluded. Encryption and anti-forensic techniques also evolve fast enough that a forensics qualification earned two years ago may be functionally obsolete today.
This is the proportionality failure at the heart of the matter. South Africa built a maximalist enforcement framework — broad offences, broad seizure powers under the Cybercrimes Act — but starved the one input, trained investigators, that determines whether any of that survives a bail or trial hearing. A search-and-seizure power exercised by someone who contaminates the evidence is worse than no power at all: it consumes police time, traumatises complainants who believe a case is moving, and ends in acquittal.
The cost is already visible in the fraud numbers
The enforcement vacuum is not hypothetical. According to the South African Banking Risk Information Centre's 2024 crime statistics, digital banking fraud rose 86% in a single year — from roughly 52,000 incidents in 2023 to nearly 98,000 — with gross losses of about R1.888 billion. Phishing, SIM-swap fraud, and banking-app compromise now drive the majority of banking-fraud losses. These are precisely the offences the Cybercrimes Act was written to reach, and precisely the cases that collapse when the seizing officer has never been trained to preserve a device.
The arithmetic is damning. R1.9 billion in annual digital banking losses dwarfs whatever SAPS would spend training a few hundred detectives in evidence handling and chain-of-custody. When the marginal cost of enforcement capacity is trivial relative to the harm it prevents, declining to spend it is not triage — it is a decision to let a fast-growing, statutorily defined crime category run effectively unpoliced.
What proportionate enforcement looks like
A pro-innovation, pro-growth digital economy needs trust, and trust requires that fraud has consequences. South Africa does not need new cyber legislation — it has the Cybercrimes Act, and adding offences to an unenforceable statute only deepens the gap between the law on paper and the law in practice. What it needs is sequencing: fund the capability before, or at least alongside, the mandate.
Three moves follow directly. First, treat basic digital-evidence handling — Faraday bags, write-blockers, chain-of-custody documentation — as core detective training at every high-crime station, not a specialist add-on for a central unit. Second, fill the 2,127-post gap between filled detective posts and the approved establishment of 4,607, since a detective without training and a post without a detective produce the same zero. Third, publish enforcement and conviction data under the Cybercrimes Act so Parliament can see whether seizures are surviving to trial.
The lesson generalises beyond South Africa. Legislatures across the Global South are racing to pass cyber-crime statutes modelled on the Budapest Convention and instruments like this one. A law that grants seizure powers without funding the forensic competence to exercise them lawfully does not protect citizens — it manufactures inadmissible evidence and false hope. Enforcement capacity, not statutory ambition, is the binding constraint, and South Africa's 35 busiest stations are now a live demonstration of what happens when a state forgets it.