Abstract
The significance of small, medium and micro enterprises (SMMEs) cannot be understated, as they are essential to job creation and innovation. This research aimed to understand the adoption or non-adoption of cybersecurity practices by SMMEs in South Africa. The objectives of this research were separated into two aspects: establishing whether SMMEs are adopting cybersecurity practices and the extent of their understanding, knowledge, and skills regarding implementing common cybersecurity practices. The second aspect of the objectives was understanding to what extent SMMEs are making use of cybersecurity practices and the level of integration with their digital technologies. The methodology used for this research is a descriptive qualitative approach with a case study strategy. Responses received were obtained from nine SMMEs using semi-structured questionnaires for in-depth interviews. The findings suggest SMMEs face challenges adopting cybersecurity practices, with costs of adoption being a common factor and the awareness and understanding by employees regarding cybersecurity practices being another. In addition, some participants indicated the need for external assistance tailored for SMMEs to implement cybersecurity. Several participants indicated they frequently experienced phishing scams and had measures to combat such threats. Through the research findings, evidence was provided that made it apparent that due to the advancements in digital technologies, there was a need for SMMEs to be protected from threats. However, many respondents indicated that they had implemented some cybersecurity practices from the enterprise's inception, which further establishes that enterprises have a certain level of understanding. The understanding of cybersecurity and its components was evident, and there was integration into the digital technologies used by the enterprise. The SMMEs that participated in this research study provided data that was used to develop a framework that can be implemented by SMMEs that will assist them with their adoption of cybersecurity practices.
Keywords: SMMEs, Cybersecurity practices, Adoption, SMME framework.