South Africa is one of the countries negatively affected by cyberattacks in Africa and the world. Unfortunately, SMEs are affected the most by the cyberattacks. This study aimed to address the problem of high cyberattacks faced by SMEs in South Africa. The study introduced a conceptual framework from the Technology Organisation Environment framework theory. The study adopted a qualitative methodological choice whereby a document analysis was done influenced by the abductive reasoning research approach. Findings in this study highlight the five main cyberattacks faced by SMEs in South Africa and the costs of cyberattacks, which include financial, reputational and operational disruptions; furthermore, three main initiatives aimed at addressing this problem were discovered, and their limitations were highlighted. Recommendations highlight the need for increased financial and non-financial support and increase the uptake of SMEs in these initiatives. This study has both practical and theoretical implications. Practically, recommendations have been made to policymakers and other stakeholders so that they can address the problem of cyberattacks. Theoretically, a conceptual framework was developed, contributing to the body of knowledge. Future research should be empirical and test the proposed theoretical framework of this study.