Abstract

The constantly evolving cyber threat landscape is a latent problem for today's companies. This is especially true for Small and Medium-sized Enterprises (SMEs), because they have limited resources to face the threats but, as a group, represent an extensive payload for cybercriminals to exploit. Moreover, the traditional cybersecurity approach of protecting against known threats cannot withstand the rapidly evolving technologies and threats used by cybercriminals. This study claims that cyber resilience, a more holistic approach to cybersecurity, could help SMEs anticipate, detect, withstand, recover from and evolve after cyber incidents. However, operationalizing cyber resilience is not an easy task, so the study presents a framework with a corresponding implementation order that could help SMEs implement cyber resilience practices. The framework is the result of a variation of Design Science Research in which Grounded Theory was used to induce the most important actions required to implement cyber resilience, followed by an iterative evaluation by experts to validate the actions and put them in a logical order. This study therefore proposes that the framework could help SME managers understand cyber resilience and start implementing it with concrete actions, in an order dictated by the experience of experts. This could potentially ease cyber resilience implementation for SMEs by making them aware of what cyber resilience implies, which dimensions it includes and what actions can be implemented to increase their cyber resilience.

Highlights

  • Cyber threats are one of the main risks companies face today [1], [2], and they affect a large percentage of companies every year, especially Small and Medium-Sized Enterprises (SMEs) [1]–[4]

  • During these experts’ feedback sessions, the framework’s domains were arranged in the implementation order that the experts agreed was best according to their experience

  • To aid SMEs in operationalizing cyber resilience, this article presents a framework that SMEs could potentially use to understand which domains and policies the cyber resilience building process involves


Summary

Introduction

Cyber threats are one of the main risks companies face today [1], [2], and they affect a large percentage of companies every year, especially Small and Medium-Sized Enterprises (SMEs) [1]–[4]. The economic impact of cyber incidents can range from hundreds of thousands to millions of euros per company per year in the European Union (EU) [5]. This economic impact can vary from the lowest average of 16,400 euros to the highest average of 14.1 million euros [5]. This means that for an SME, a successful cyberattack could be catastrophic.
