South Africa’s small and medium businesses (SMBs) will continue to grapple with cybersecurity challenges throughout 2025. Tougher enforcement of data privacy laws and the rise of new artificial intelligence (AI) related threats are among the issues that will dominate their technology agenda for the year ahead.
That is according to Philip Meyer, VP Product Engineering HR & Payroll, Sage Africa and Middle East, who says that SMBs are increasingly in cybercriminals’ crosshairs. “With large enterprises ramping up their spending on cybersecurity, hackers and malware authors are focusing their attention on smaller businesses,” says Meyer.
“SMBs are more vulnerable to attacks because they have less human and financial resources to dedicate to protecting their infrastructure. It is hard for them to make informed risk management choices about which tools to invest in and what risks they can live with in the absence of reliable advice and affordable technology.”
Research such as the Security Navigator 2025 report finds a significant 50%-plus increase in incidents targeting SMBs. A recent international study by Vanson Bourne Research, The State of SMB Cybersecurity in 2024, found that 94% of SMBs have suffered from at least one cybersecurity attack in the past year, up from 64% in 2019.
This highlights why it’s important for SMBs to get the basics right, given the reputational risks of data breaches, the cost of business interruptions, and evidence that regulators are losing patience with organisations that don’t comply with laws such as the Protection of Personal Information Act (POPIA), Meyer says.
Ben Aung, Chief Risk Officer at Sage outlines three significant international trends that will shape cybersecurity in 2025. Firstly, a resurgence of ransomware and cyber extortion attacks is expected. Businesses should strengthen defences by continuing to focus on the highest impact security measures, such as patching, endpoint detection tools, multifactor authentication, privilege access management and employee awareness.
Secondly, the use of generative AI in phishing attacks will become commonplace. Attackers will leverage AI to craft highly convincing communications, making phishing attempts more deceptive. Companies must ensure their employees are educated about these new and evolved risks and can spot attempts and report them quickly.
Finally, supply chain risks will receive greater scrutiny as larger organisations continue to be impacted by attacks on their vendors. Attackers will target critical companies within supply chains to increase their leverage. To mitigate this risk, businesses should conduct thorough due diligence on suppliers’ security practices, enforce security requirements in contracts, and develop robust contingency plans for potential disruption.
Aung says that technology providers can significantly aid SMBs by reducing the costs and burden of cybersecurity management. “Transparency is essential; providers should be open about their security practices to build trust with SMBs,” says Aung.
“Developing software to high security standards—such as the US government’s ‘Secure-by-Design’ guidelines—demonstrates a commitment to quality and security, reassuring businesses about the reliability of their tools.
Adds Aung: “Moreover, making common security controls like multi-factor authentication and data recovery easily accessible and simple to set up is crucial. When these features are user-friendly, SMBs are more likely to implement them effectively, enhancing their overall security posture.”
Global research from Sage shows that keeping on top of new threats is the biggest challenge for 51% of SMEs, followed by making sure employees know what’s expected of them (45%). Some 56% of SMBs want cybersecurity companies to do more to educate and support them, while 45% put the onus on governments to act and 43% on trusted tech partners.
Meyer says: “With SMBs facing daily data breaches, phishing attempts and ransomware attacks, juggling protection and growth is a major challenge. Larger businesses, technology vendors and governmental bodies all have a vital role to play in providing education and support to SMBs, which are critical to South Africa’s economy and supply chains.”