Cybercrime is no longer a distant threat reserved for tech giants and multinational corporations. Across Africa, Australia, and New Zealand, small and medium-sized enterprises (SMEs) are finding themselves on the frontlines of a digital war—one where the stakes are nothing short of survival. As attacks surge and criminals grow bolder, local entrepreneurs, insurance experts, and industry leaders are racing to adapt, innovate, and shield their communities from devastating losses.
In Africa, the numbers paint a sobering picture. According to Techpoint Africa, South African firms faced as many as 1,450 cyberattacks each week in 2024. The problem isn't isolated: Kenya saw cyber incidents skyrocket to 2.54 billion in just the first quarter of 2025—a jaw-dropping 201.7% increase from the previous quarter. Nigerian SMEs, too, felt the heat, encountering an 87% rise in phishing attacks in 2022 compared to the year before, as reported by the Cyber Security Experts Association of Nigeria.
David Cohen, CEO of CheckMark Cyber, doesn't mince his words. "Hackers don't leapfrog over Africa in order to get to America. An IP address, a computer, is what they're looking for—and there are lots of them in Africa. It's an illusion that Africa is being sidestepped… African businesses are as vulnerable as all businesses." His warning rings true: INTERPOL's Africa Cyberthreat Assessment Report 2025 reveals that cybercrime now accounts for more than 30% of all reported crimes in western and eastern Africa. South Africa, according to Surfshark's global cybercrime density reports, consistently ranks among the world's top countries for cybercrime victim density.
The financial toll is staggering. In South Africa, the average cost of a data breach hit $2.95 million in 2024, before dipping to $2.45 million in 2025—thanks, in part, to faster detection and the adoption of artificial intelligence (AI)-driven defenses, as highlighted by IBM's latest report. Still, these costs remain among the highest globally. Across the continent, nine out of ten businesses operate without proper cybersecurity protocols, leaving them exposed to the same threats facing wealthier economies.
Meanwhile, a similar story is unfolding on the other side of the globe. On October 7, 2025, Emergence Insurance released its inaugural Cyber Claims Data Report, shining a spotlight on SMEs in Australia and New Zealand. The findings? Median cyber claim costs have risen every year since 2021, with ransomware incident costs nearly doubling—from $106,500 in 2021 to $207,600 in 2024. Emergence CEO Troy Filipcevic summed it up: "SMEs are particularly vulnerable—cyber insurance can be the difference between surviving an attack or going bust. Immediate and effective incident response is crucial to mitigating the impact."
Business Email Compromise (BEC) emerged as the leading cause of cyber claims in 2024, accounting for nearly half of all incidents, with Socially Engineered Theft (SET) following at 16%. Blake Baxter, head of claims and incident response at Emergence, observed, "You would think there is a lot of awareness around phishing techniques through workplace cyber training, but many employees are still unaware of how their inadvertent acts can result in a serious cyber incident." Healthcare and professional services sectors bore the brunt, both in terms of frequency and cost of claims, due to the sensitivity of personal data and regularity of financial transactions.
Back in Africa, the challenge isn't just technological—it's systemic. Warren Sher, CTO of Du Pont Telecom in Johannesburg, highlighted a critical gap: "There is no real way to report or prosecute these crimes. If you go to a police station to report such a crime, there will be no one there who will understand what you are talking about." This lack of law enforcement infrastructure, coupled with limited government support and scarce funding, leaves businesses to fend for themselves. Talent, too, often migrates abroad, draining the continent of much-needed expertise.
Yet, against these odds, African entrepreneurs are stepping up. They're not just importing solutions—they're building tools tailored to local realities. Abdullah Kaymakci, Managing Director of Cyberrey, explained, "Africa's cyber threat landscape is unique because it mirrors the continent's dual reality: rapid digital adoption paired with uneven cyber maturity." His company partners with global players like Hack The Box and Forestall, but adapts their products to fit local needs, limited budgets, and fragmented infrastructure. "AI is no longer futuristic; it's a frontline necessity," Kaymakci said. "But in Africa, where skills shortages are acute, we balance AI with human expertise by upskilling local talent. This ensures AI is not a black box but a force multiplier for skilled professionals on the ground."
Vidashni Pillay, Managing Director of VIC IT Consulting, echoed this sentiment. Her firm serves clients across southern Africa, focusing on awareness training and compliance. "Africa as a whole remains the most vulnerable continent to cyberattacks. Limited awareness, skills gaps and resource constraints make businesses and individuals easy targets for ransomware, phishing and fraud," she said. VIC IT's approach? Start with people. "By empowering people with knowledge, we create stronger defences alongside the technology we provide." Like Cyberrey, VIC IT is betting on AI to filter threats and allow teams to focus on strategy and advanced defense. Pillay was blunt: "The cost of recovering from a cyberattack is always far higher than the cost of prevention. By tailoring affordable, scalable solutions that grow with their business, we make cybersecurity an investment in continuity and customer trust, not just an expense."
Kevin Wotshela, Managing Director of Magix, a South African cybersecurity firm, believes SMEs are often overlooked targets. "Small businesses mistakenly believe cybercriminals focus on corporates, but they are prime targets because of weaker security controls and limited resources. Prevention is always more cost-effective than a breach," he said. Magix recently launched an R&D Lab dedicated to anticipating next-generation threats, from deepfake cyber threats to the dual use of AI in ethical and unethical hacking. By pairing research with offensive security expertise, the lab is helping African businesses prepare for attacks most companies have not yet imagined.
Across the Indian Ocean, the Insurance Council of Australia (ICA) is calling for broader reforms. With AI-driven threats on the rise, the ICA recommends expanding cybersecurity requirements for businesses, increasing accountability for technology providers, and developing workforce programs to embed cybersecurity expertise in SMBs. They also advocate for broader ransomware incident reporting and a national approach that considers the varying capabilities of businesses across different sectors—especially those with limited resources.
For many SMEs, the message is clear: cybersecurity is no longer a luxury. It's a necessity, a business continuity strategy, and, increasingly, a shared responsibility. As Eva August, CEO of Century 21 South Africa, put it, "With fraud and phishing threats on the rise, we commend African innovators who are helping businesses safeguard client funds. It's our shared responsibility to stay ahead of risk and we take that seriously in how we protect our clients and empower our agents."
While challenges abound—limited funding, reactive security cultures, and a relentless, evolving threat landscape—local innovation and collaboration offer a glimmer of hope. Whether in Johannesburg, Nairobi, Sydney, or Auckland, a new generation of defenders is rising, determined to make cyberspace safer for everyone.