Abstract
PurposeThere is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.Design/methodology/approachIn this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.FindingsThe results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.Research limitations/implicationsWhile resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.Practical implicationsThe findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.Originality/valueThis is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.
Highlights
Small- and medium-sized enterprises (SMEs), businesses with fewer than 250 employees (Ward, 2021), represent the majority of businesses worldwide and play an important role in economic development
The research question to be addressed in this paper is: How do SMEs’ cyber situational awareness influence their implementation of cyber security controls and precautions? We report on a study we carried out with 361 United Kingdom (UK)-based businesses to investigate this question
We found that the bigger the business, the more controls that were implemented
Summary
Small- and medium-sized enterprises (SMEs), businesses with fewer than 250 employees (Ward, 2021), represent the majority of businesses worldwide and play an important role in economic development. Within the United Kingdom (UK), SMEs account for 99.9% of the business population, with the majority (99.3%) having fewer than 50 employees. Organizational Cybersecurity Journal: Practice, Process and People Vol 1 No 1, 2021 pp. Published in Organizational Cybersecurity Journal: Practice, Process and People. The full terms of this license may be seen at http:// creativecommons.org/licences/by/4.0/legalcode
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Organizational Cybersecurity Journal: Practice, Process and People
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
