Key insights from Cybersecurity Month 2024: Protecting Medium-Sized Businesses in a digital-First Era.

A partnership driving innovation and growth

October 2024 marked another impactful Cybersecurity Month, with this year’s theme, “Empower Yourself, Protect Your World,” calling on businesses and individuals alike to take charge of their digital security. Medium-sized businesses, particularly in sectors like retail, are the backbone of South Africa’s economy. According to the International Finance Corporation (IFC), small and medium-sized enterprises (SMEs) constitute more than 90% of all formal businesses in the country, employ 50-60% of the workforce, and contribute approximately 34% to the GDP.  These companies are agile enough to adapt quickly to market shifts but often lack the robust cybersecurity resources available to larger corporations, leaving them increasingly vulnerable in an era of evolving cyber threats. 

Jeff Jack, CEO of Reflex Enterprise, a managed ICT solutions provider specialising in supporting South African medium-sized businesses, reflects on the key findings and pressing challenges highlighted during Cybersecurity Month. Drawing attention to the unique risks faced by this sector, he emphasises the critical role these businesses play in economic stability and growth—and the importance of equipping them to face today’s digital challenges.  

1. Surge in Cyber Attacks Targeting Mid-Sized Companies

According to the Cybersecurity & Infrastructure Security Agency (CISA), cyber incidents rose by 40% globally. Medium-sized businesses, including those in the retail sector, have become prime targets due to perceived vulnerabilities and limited cybersecurity resources. In South Africa, the South African Cyber Security Hub reported a 50% surge in cybercrime incidents, with smaller retailers and service providers experiencing increased losses and disruptions. The financial and operational impact on these businesses underscores the urgent need for robust security measures that align with mid-sized companies’ capabilities and budgets. 

2. Persistent Threat of Phishing 

Phishing remains one of the top cybersecurity threats, accounting for over 80% of all reported incidents. In South Africa, recent studies found that 65% of local medium-sized organisations, especially in retail, fell victim to phishing attempts, often compromising customer data and affecting reputation. Reflex encourages mid-sized businesses to implement multi-layered email filtering solutions and staff training to counter this prevalent threat, essential for safeguarding both internal operations and customer trust.

3. Limited Cybersecurity Preparedness and Awareness 

While 70% of business leaders recognize cybersecurity’s importance, only 45% feel confident about their current security measures, according to a National Cyber Security Alliance survey. In South Africa, a study by the CSIR revealed that just 30% of medium-sized business owners believe they are well-informed about cybersecurity best practices. Jack stresses the need for accessible cybersecurity education tailored to the unique operational demands of medium-sized enterprises, where staff wear multiple hats and may not have dedicated IT teams. 

4. Weak Password Hygiene

Simple security practices, such as using unique and strong passwords, could reduce the risk of unauthorized access by up to 80%. Yet 60% of individuals globally reuse passwords, and in South Africa, a recent Cyber Hygiene Report revealed that 70% of users, especially in mid-sized organisations, rely on the same password for multiple accounts. Businesses should consider password management tools and two-factor authentication (2FA) to enhance protection across accounts and reduce vulnerabilities. 

5. Investing in Cyber Hygiene Training 

Regular cybersecurity training can reduce successful attacks by up to 50%, according to Business Unity South Africa. For medium-sized businesses, such training has proven critical, with those implementing it seeing a 40% decrease in incidents over the past year. Reflecting its commitment to providing high-impact cybersecurity solutions to medium-sized enterprises, Reflex has recently partnered with Arctic Wolf, a leader in threat detection and response. Arctic Wolf’s advanced technology not only identifies threats but also addresses root causes and rapidly mitigates risks—critical capabilities for medium-sized businesses with limited internal cybersecurity resources. “This partnership further solidifies Reflex’s position as a trusted cybersecurity partner,” says Jack. “Our retail and mid-sized clients now have access to industry-leading protection that aligns with their operational realities.” 

A Call to Action for Medium-Sized Business Owners 

“Cybersecurity is within reach for every business. By investing in fundamental practices, such as using strong passwords, adopting two-factor authentication, regularly training employees, and partnering with trusted providers, medium-sized businesses can protect their digital assets and customer data more effectively,” concludes Jack from Reflex, as he encourages companies to reflect on these findings and to adopt a proactive approach, ensuring that cybersecurity becomes a daily priority.