Sanele Gcumisa | 15 July 2025
Sanele Gcumisa is the founder and managing member of Ocule IT, a digital consultancy agency that provides a comprehensive range of information technology services.
South Africa has earned an unfortunate reputation as the continent’s cybercrime hotspot with an annual cost of cybercrime at over R2 billion. And, despite ongoing misconceptions that big business presents the most attractive prospects for opportunistic criminals, thousands of small businesses are among the unfortunate victims.
Just a few years ago, one of our employees at Ocule IT fell victim to a phishing scam, designed to obtain and exploit our company’s banking details. All it took was one click-through from an email that was made to look like it came from a legitimate bank, asking the individual to update the account information.
Thankfully, the bank flagged this activity as suspicious, and we were able to secure the account before any funds were stolen. It was a close call – too close for comfort. Since then, we’ve tightened up our cybersecurity measures and employee training programmes.
When most small and medium enterprise (SME) owners think of the major risks related to cybercrime, the immediate financial loss may be top of mind. However, the risks involved extend far beyond financial theft and fraud.
For example, a data breach where confidential customer, supplier or partner data is leaked could severely damage a small business’s reputation. Loss of trust and negative publicity can, in turn, have a major impact on sales and the long-term viability of the business.
Along with these risks, it’s also important to consider the cost of business interruption and any potential downtime when operations are disrupted, causing both revenue and productivity losses.
In the aftermath of a cyberattack, other substantial losses can occur, such as the revenue, human resource and time cost related to notifying affected customers, legal fees, and regulatory fines if sensitive data is compromised.
The point is that a single cyberattack can set off a disastrous continuum of events that could lead to a small business closing its doors. The cost is simply too great to ignore.
We have gained significant value from accessing online resources and webinars that share best practices in IT and highlight emerging cybercrime trends. A key takeaway has been that effective cybersecurity can be achieved without incurring high costs.
The small business experts at our financier, Business Partners Limited, offers SMEs like us additional support through its Technical Assistance Programme, which connects small businesses with experienced mentors and technical experts. These consultants can review business operations and provide guidance on developing cybersecurity policies and response plans.
We now understand that simple, affordable steps – such as using firewalls, installing antivirus software, and keeping systems updated – can significantly reduce the business’s risk of cyber threats. These lessons have been especially helpful for us, as, like most small businesses, we don’t have endless budgets for cybersecurity.
Since the phishing incident, we have implemented several simple but effective measures to protect the long-term financial health of our company. These include rolling out multi-factor authentication across all critical accounts, upgrading our firewall and antivirus software, and initiating regular data backups to a secure offsite location to ensure business continuity in the event of a breach.
Our approach to developing robust safeguards against cybercrime has been both proactive and reactive, because let’s face it, there are potential loopholes in every plan, regardless of how thorough it is. To bridge this gap, we opted to take out cyber insurance to cover incidents like data breach notification costs, legal fees, regulatory fines, data recovery expenses, business interruption losses, and ransomware payments.
Fortunately, we have not needed to use it, but having the insurance policy in place gives us peace of mind that it’ll be business as usual should a cyber incident occur.
As an owner of a business who has many software innovations on the horizon, playing it safe when it comes to cybersecurity is an absolute necessity. This is not only in the best interests of the business but also key to protecting the livelihoods and stability of our dedicated team of facilitators, programmers and executives who make the magic happen.
