With small businesses now depending on an average of 36 applications running in it – from business banking and customer management to AI tools – the browser has quietly become both the primary workplace and the most overlooked security boundary in business, with 95% of companies experiencing a security incident originating in the browser.
This is according to Adriaan Joubert, technical solutions manager at Palo Alto Networks, who explains that the risks are more specific than most small- and medium-sized enterprise (SME) owners realise.
“Stolen passwords saved in browsers give attackers instant access to business banking, payroll systems, and cloud applications,” Joubert says. “Malicious browser extensions can sit silently inside an employee’s browser for months, logging keystrokes and harvesting credentials. Fake login pages that look identical to real ones trick staff into handing over access without knowing it.”
In South Africa, the stakes are particularly high.
SMEs account for more than 2-million companies, represent more than 98% of formal businesses, contribute 40% of GDP, and provide 87% of employment opportunities in the country.
“A single successful cyberattack on a small business doesn’t just threaten that business; it ripples through the livelihoods of the employees and communities that depend on it,” Joubert adds. “It can also disrupt the wider supply chains in which SMEs play a critical role, creating downstream consequences for larger businesses and entire industries.”
And the threat landscape is evolving.
Joubert says that the rapid adoption of AI tools is compounding the risk, making it harder for small businesses to keep their operations protected and prevent business information from ending up in the wrong hands. “For SMEs without large security teams or enterprise budgets, a single successful browser attack can trigger a chain of consequences from financial loss to regulatory penalties that are disproportionately hard to recover from.”
The core of the problem, he explains, is that standard browsers were never built to stop modern cyberattacks or prevent AI data leaks.
“Yet for most small businesses, the browser is now the office,” he says. “It’s where they interact with customers, manage their books, and use AI tools to grow their business. And increasingly, employees are doing all of this from any device, anywhere.”
Joubert believes the answer is to build security directly into the browser itself, giving small businesses the same level of protection that large enterprises rely on.
“This means blocking phishing, ransomware, and fraud threats before they cause harm while giving businesses control over how employees and AI tools interact with sensitive data – all without requiring a dedicated security team or disrupting the way people work.
“Small businesses deserve enterprise-grade protection that is simple to manage and doesn’t come with enterprise complexity or cost,” Joubert says. “That’s the direction the industry is moving in – and for an economy like South Africa’s, where SMEs are the backbone of growth and employment, it’s long overdue.”