About
Subscribe
  • Home
  • /
  • Security
  • /
  • Why SMEs must regularly re-examine cyber measures

Why SMEs must regularly re-examine cyber measures

It is much easier for hackers to target hundreds of smaller businesses with weaker defences than trying to breach one heavily-fortified enterprise.
Peter Clarke
By Peter Clarke, Founder and MD, LanDynamix
Johannesburg, 17 Jul 2026
Peter Clarke, CEO of LanDynamix.
Peter Clarke, CEO of LanDynamix.

So, when it comes to cyber , you set in place and now you can forget about it, correct? The truth is that this approach could not be more flawed and is the result of a specific mindset, especially where it means added expenditure.

Budget and the lack of it for SMEs is always an issue. Another belief that stems from flawed thinking is that SMEs are not of interest to hackers because the rewards are not big enough – this could not be further from the truth.

SMEs are, in fact, low hanging fruit for cyber criminals due to a number of issues, including limited cyber security infrastructure, the lack of appropriate measures and adopting, at best, inadequate ongoing upgrades.

Cyber attacks are a moving target that security measures must keep pace with.

One report estimates that cyber crime threatens the very survival of South African small businesses. Taking a static approach to cyber threats can prove to be a grave mistake.

Attackers increasingly favour SMEs because they represent a ‘target-rich, resource-poor’ environment.

We are all too of the pace at which technology changes. Cyber security threat actors keep pace with these changes, so why on earth are business owners reluctant to do so too? This is a question we often ask ourselves during customer interactions.

Artificial intelligence (AI) advances alone are exponential. There is no question that AI is playing a major role in how quickly we consume technology and there are various reasons behind this, including the need to accelerate product development.

It may seem like a statement of the obvious but AI speeds up research, prototyping and testing by automating tasks that once took months or years; for example, in diverse areas such as drug discovery, chip design and software coding.

Faster development cycles mean new technologies hit the market more quickly and consumers adopt them sooner.

Rapid product rollouts often outpace security hardening. This is even more true for SMEs with their budgetary constraints. The use of AI by cyber criminals who are displaying increasing adeptness in the use of AI, is well documented. Attacks today are highly-sophisticated and pose a major concern for businesses of any size but even more so for the resource-strapped SME.

Businesses are challenged to build cyber resilience in the face of limited resources and a shortage of expert cyber skills − it's simply not possible to upskill employees at the same pace as technology advances.

In my experience in this market, SMEs are often viewed by attackers as easier, high-value targets as they endeavour to embrace digital transformation with the risk of cyber crime looming even larger than ever.

Many small business owners make the mistake of thinking hackers will go for large enterprises that hold more data, more money and greater visibility. However, attackers increasingly favour SMEs because they represent a ‘target-rich, resource-poor’ environment.

While a large corporation may invest heavily in cyber security infrastructure, SMEs typically operate with constrained budgets, limited IT staff, if any, and competing business priorities.

The reality is that for hackers it is much easier to target dozens, or hundreds, of smaller businesses with weaker defences, achieving similar financial gains with significantly less effort than trying to breach one heavily fortified enterprise.

The right managed service provider (MSP) can add immense value to an SME’s cyber safety.

The MSP will always advise regular reviews of cyber security measures. These are essential as threats are constantly evolving, so a ‘set-and-forget’ approach leaves businesses vulnerable to new phishing techniques, software vulnerabilities and social engineering attacks.

It is foolhardy to dismiss this advice on the basis that an MSP is simply trying to sell the next tool, which is not the case and harks back to the mindset on the topic of cyber security.

It’s important to understand SMEs are not necessarily targeted with sophisticated, bespoke attacks. On the contrary, in many cases, they fall victim to opportunistic threats, such as phishing, ransomware and credential theft.

Constantly revisiting and upgrading where necessary will be immeasurably beneficial to the business and its ability to stand against breach attempts.

Share