Exploring Technical Implementation of Cybersecurity Measures within Small and Medium Enterprises (SMEs) in the South African Market

Abstract

Small and Medium Enterprises (SMEs) are integral to South Africa’s economy, contributing up to 40% of GDP. However, they remain highly vulnerable to evolving cyber threats due to resource constraints, limited expertise, and challenges in regulatory compliance. This study explores the technical implementation, effectiveness, and challenges of cybersecurity measures in South African SMEs across four key sectors, namely financial services, retail and e-commerce, manufacturing, and mining. Using an interpretivist, qualitative research approach, the study gathered insights from semi-structured interviews with thirteen SMEs and document analysis to uncover cybersecurity practices and challenges. The research integrates the Resource-Based View (RBV), Diffusion of Innovations (DOI), and Technology Acceptance Model (TAM) to contextualise adoption behaviours and internal capabilities. Findings show limited adoption of advanced security measures due to cost, lack of expertise, and the complexity of POPIA compliance. Practical recommendations include cost-effective AI-driven solutions, improved cybersecurity literacy, and sector-specific policy support. This research contributes contextually by highlighting sectoral differences, methodologically by combining interview and document analysis, and theoretically by applying and extending RBV, DOI, and TAM frameworks in an emerging market context.