When Jaguar Land Rover (JLR) got hit by a cyber attack in September 2025, the cavalry arrived fast. Production shut down across multiple sites. The UK government pitched in with a £1.5 billion (R35 billion) loan guarantee. That won’t be happening here in South Africa. JLR scrambled together a £500 million (R11.6 billion) bailout package for struggling suppliers. Headlines tracked every development like it was breaking news.
But here’s what keeps me awake at night: JLR is the exception, not the rule.
Small business cyber attacks happen in complete silence
When a small manufacturing business gets ransomware, there are no government bailouts. When a local distributor’s systems go dark for three weeks, there’s no R11 billion rescue package. These companies and their suppliers simply suffer in silence. And the devastation is total.
Think about a small component manufacturer employing 25 people. They get hit. Systems encrypted. Operations frozen. But the damage doesn’t stop there.
The machine shop that supplies them with raw materials? Orders stop dead. The logistics company that moves their goods? Trucks sit idle gathering dust. The packaging supplier? Production lines go quiet. Within weeks, that single cyber attack has rippled through a dozen businesses.
Each one is laying off staff. Each one is burning through savings. Each one is facing suppliers demanding payment, whilst customers aren’t paying them.
It’s not just business – it’s people’s lives falling apart
These aren’t just business problems on some spreadsheet. They’re life problems affecting real families. The owner who remortgaged their home to keep the business afloat during the attack. The employee who loses their job and can’t make rent. The supplier’s staff who see their hours cut just before Christmas.
Families are thrown into crisis. Mortgages at risk. University plans abandoned. Lives fundamentally altered.
And it all happens in silence. No press releases. No government task forces. No rescue packages. Just quiet desperation spreading through interconnected small businesses that form the backbone of our economy.
The cruel mathematics are simple: if you’re a small business and 60% of your revenue comes from two clients, you’re one cyber attack away from catastrophe. Not even your attack – theirs. Your cybersecurity might be spot on, but you’re still vulnerable to everyone you do business with.
What can South African SMEs actually do about it?
Start with the basics that are within your control. Multi-factor authentication on every system – no excuses. Regular, tested backups stored offline where hackers can’t reach them. Staff training on phishing threats because your weakest link is usually someone clicking the wrong email. Patch management. Basic cyber hygiene isn’t expensive – but recovering from an attack will destroy you.
Then ask the hard questions nobody wants to ask. Do your major clients have cyber insurance? What’s their incident response plan? How quickly could they resume operations if they got hit tomorrow? These aren’t comfortable conversations, but they’re necessary ones.
Because the next JLR-scale attack will make international headlines. But the hundred small South African businesses that collapse in its wake? They’ll disappear quietly. And unlike JLR’s suppliers, no one is coming to save them.
Need help protecting your business from cyber threats? The experts at BlueCloud Digital specialise in helping South African SMEs implement practical, affordable cybersecurity.
Has your business been affected by a supplier’s cyber attack? What cybersecurity measures have you put in place?
