Data privacy, AI threats and supply chains: The South African SME cybersecurity landscape
5 min read
South Africa’s small and medium enterprises (SMEs) will continue to grapple with cybersecurity challenges throughout 2025. Tougher enforcement of data privacy laws and the rise of new artificial intelligence–related threats are among the issues that will dominate their technology agenda for the year ahead.
That is according to Philip Meyer, vice-president: Product Engineering HR & Payroll at Sage Africa and Middle East, who says SMEs are increasingly in cybercriminals’ crosshairs. “With large enterprises ramping up their spending on cybersecurity, hackers and malware authors are focusing their attention on smaller businesses,” he says.
“SMEs are more vulnerable to attacks because they have less human and financial resources to dedicate to protecting their infrastructure. It is hard for them to make informed risk management choices about which tools to invest in and what risks they can live with in the absence of reliable advice and affordable technology.”
Research such as the Security Navigator 2025 report finds a significant 50% plus increase in incidents targeting SMEs. A recent international study by Vanson Bourne Research, “The State of SMB Cybersecurity in 2024”, found that 94% of SMEs have suffered from at least one cybersecurity attack in the past year, up from 64% in 2019.
This highlights why it’s important for SMEs to get the basics right, given the reputational risks of data breaches, the cost of business interruptions and evidence that regulators are losing patience with organisations that don’t comply with laws such as the Protection of Personal Information Act, Meyer says.
Ben Aung, chief risk officer at Sage, outlines three significant international trends that will shape cybersecurity in 2025.
Firstly, a resurgence of ransomware and cyber extortion attacks is expected. Businesses should strengthen defences by continuing to focus on the highest impact security measures such as patching, endpoint detection tools, multi-factor authentication, privilege access management and employee awareness.
Secondly, the use of generative AI in phishing attacks will become commonplace. Attackers will leverage AI to craft highly convincing communications, making phishing attempts more deceptive. Companies must ensure their employees are educated about these new and evolved risks and can spot attempts and report them quickly.
Finally, supply chain risks will receive greater scrutiny as larger organisations continue to be impacted by attacks on their vendors. Attackers will target critical companies within supply chains to increase their leverage. To mitigate this risk, businesses should conduct thorough due diligence on suppliers’ security practices, enforce security requirements in contracts and develop robust contingency plans for potential disruption.
Aung says technology providers can significantly aid SMEs by reducing the costs and burden of cybersecurity management. “Transparency is essential; providers should be open about their security practices to build trust with SMEs.
“Developing software to high security standards – such as the US government’s Secure by Design guidelines – demonstrates a commitment to quality and security, reassuring businesses about the reliability of their tools.”
He adds: “Moreover, making common security controls like multi-factor authentication and data recovery easily accessible and simple to set up is crucial. When these features are user-friendly, SMEs are more likely to implement them effectively, enhancing their overall security posture.”
Global research from Sage shows that keeping on top of new threats is the biggest challenge for 51% of SMEs, followed by making sure employees know what’s expected of them (45%). Some 56% of SMEs want cybersecurity companies to do more to educate and support them, while 45% put the onus on governments to act and 43% on trusted tech partners.
Meyer says: “With SMEs facing daily data breaches, phishing attempts and ransomware attacks, juggling protection and growth is a major challenge. Larger businesses, technology vendors and governmental bodies all have a vital role to play in providing education and support to SMEs, which are critical to South Africa’s economy and supply chains.”
Image credit: rawpixel.com/Freepik
