The development of cyber security policies is an area of keen worldwide interest. Many countries are actively creating cyber security policies to manage their critical information infrastructures and their critical systems. Many developed countries have created comprehensive cyber security policies aimed at establishing effective national cyber security structures and international partnerships. Developing countries are also in the process of creating their own cyber security policies and frameworks, and these countries are in the position where they can harness the lessons learnt in developed regions. In this paper we will outline and discuss the developing cyber security policy framework in South Africa as an example of cyber security policy developments occurring in developing regions and the implications on SMMEs as a component of the resulting protection structures.