search icon
Back to Press Releases

SMBs struggle to keep pace with cyber security threats

Half of SMBs have experienced a security incident in the last year.

Johannesburg, South Africa, October 12, 2023 – Keeping on top of new threats is the biggest cyber security challenge facing small and mid-sized businesses (SMBs) – and more than half are calling for help to manage the risks, new global research by Sage reveals today.

The leader in accounting, financial, HR and payroll technology for SMBs has conducted global research to investigate SMBs' perceptions of cyber security and the key hurdles they face in this space. Through the study, Sage aims to demystify cyber security and turn it from a daunting challenge to an empowering tool so SMBs can focus on growing their business, developing their teams, and providing outstanding customer experience.

Across the nine countries surveyed, the research reveals:

  • 48% of SMBs have experienced a cyber security incident in the past year, and 25% (one in four) have experienced more than one. In South Africa, the most mentioned incident was stolen laptops (28%), with fewer reported ransomware attacks (9%).
  • 70% of SMBs say cyber threats are a major concern; however, 72% feel confident about managing cyber security, and 76% regularly review it.
  • Keeping on top of new threats is the biggest challenge for 51% of the respondents, followed by 45% ensuring employees know what's expected of them, educating staff about cyber security (44%), and cost (43%).

With cyber threats multiplying, knowing what is important, where to start and overcoming cost barriers is critical for SMBs that want to bolster their cyber resilience.

Ben Aung, EVP Chief Risk Officer, Sage, said, "Navigating the fast-paced world of cybersecurity can be overwhelming for SMBs, who often lack dedicated IT expertise. While our research highlights their genuine concern for cybersecurity, they seek guidance to comprehend and mitigate risks beyond the misconception of merely relying on firewalls and tools. At Sage, our commitment is to make cybersecurity accessible, fostering confidence through knowledge, resources, and a human-centric approach, empowering SMBs to strengthen their cybersecurity culture even with limited budgets."

The research also reveals that only 4 in 10 SMBs discuss cyber security regularly, mostly when something changes or goes wrong internally or with another company. In terms of size, smaller businesses are less concerned with cyber security, have less knowledge about cyber controls, and generally invest less in cyber security.

83% of South African SMBs expect cyber security companies to do more to educate and support them, while 45% put the onus on governments to act and 50% on trusted tech partners. Over half (69%) of South African SMBs want support with education and training. South African SMBs are concerned with cybersecurity, and their investment (79%) in cyber controls is among the highest amidst the current economic and cost of living conditions.

Kevin Thompson, Senior Cloud Operations Manager at Sage Africa, and Middle East, said, "It is not surprising to see that South African SMBs are concerned about cybersecurity, as many may lack the required in-house expertise, and we have seen a dramatic increase in local cyber events over the past few years. Numerous businesses have suffered from data breaches, forcing them to seek solutions for potential dangers in the future. According to the report, SMBs and large corporations use comparable services and infrastructure, which means the assaults they encounter are becoming more similar. For Sage, it's therefore imperative that we use trusted cyber security solutions to ensure that our SMBs' data is protected, allowing businesses to operate in a secure digital environment."

The research findings also highlight that two-thirds of SMBs are prepared to spend more to ensure better cyber security. 68% say they would use a more expensive supplier and devote more budget to a company if they had better security and displayed more information about the privacy and security of their products.

Lynne Pace, CFO & VP of Finance for Danson Construction, said, "In today's digital realm, cyber security hurdles are a constant reality for businesses like ours. We face daily data threats, phishing attempts, and ransomware attacks – it's a maze out there. As a small business, juggling protection and growth is a real challenge. The cyber-world is a puzzle we can't ignore. Safeguarding while advancing is the name of the game, and finding solutions that fit our size is a must. In this journey, a helping hand from tech companies and government support is crucial. With their help, we can navigate this intricate landscape with more confidence."

Simon Borwick, Cyber Security Partner at PwC UK, said, "Cybercrime is now a real threat to SMBs, irrespective of their scale. Their digital presence can turn into a potential weak link within the supply chain. Dependence on major suppliers and government authorities requires collective action.  At the same time, tackling this looming challenge also presents a unique opportunity to carve out a distinct competitive edge - enhancing an organisation's reputation and building trust."

Currently, 64% of SMBs use cyber insurance and 74% plan to use it next year. At the same time, 91% expect their investment in cyber security to either increase or remain the same in the coming year.

With this, it is important to remain vigilant and secure in our digital world.


Notes to Editors

  • Sage's study – Cyber security for SMBs: Navigating Complexity and Building Resilience – can be accessed here.
  • Key findings
  • 48% of SMBs have experienced a cyber security incident in the past year
  • 91% expect cyber security investments to increase or remain the same in the coming year
  • 69% of SMBs say cyber security is part of their culture, but most only discuss when something changes or goes wrong internally
  • 51% say keeping on top of new threats is their biggest challenge
  • 19% of SMBs rely solely on basic controls
  • 58% of SMBs backup their data
  • 80% of SMBs have a process in place to manage cyber security risks of remote workers
  • 25% of those with a process in place acknowledge not all adhere to it
  • 52% want more support with cyber security education and training
  • 44% say economic uncertainty/cost of living has reduced cyber security budgets
  • 64% of SMBs of SMBs use cyber insurance – 74% plan to use it next year
  • Cyber security challenges
  • 45% - Ensuring employees understand what is expected of them
  • 44% - Educating employees about cybersecurity
  • 43% - Understanding what security is needed
  • Methodology
  • Sage's research was conducted by independent market research company, Danebury Research, between 4th April and 15th April 2023, via 2,100 online interviews with decision makers in SMBs with up to 499 employees.
  • The 2,100 interviews were split across nine markets. These were: UK (500), US (500), France (100), Germany (100), Portugal (100), Spain (100), South Africa (100), Canada (500) and Australia (100). In addition to presenting global, overarching trends, the results were broken down into individual market tables and regional samples.


About Sage Group

Sage exists to knock down barriers so everyone can thrive, starting with the millions of small- and mid-sized businesses served by us, our partners and accountants. Customers trust our finance, HR and payroll software to make work and money flow. By digitising business processes and relationships with customers, suppliers, employees, banks and governments, our digital network connects SMBs, removing friction and delivering insights. Knocking down barriers also means we use our time, technology, and experience to tackle digital inequality, economic inequality and the climate crisis. Learn more at

Give Feedback