The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia.

Fawaz Alharbi,Majid Alsulami,Fahad Al-Qanor,Abdullatif Al-Solami,Khalid Al-Otaibi,Meshaal Al-Osimi,Yazeed Al-Otaibi

doi:10.3390/s21206901

Abstract

Small and medium-sized enterprises represent the majority of enterprises globally and yet have some difficulties in understanding the impact that cybersecurity threats could have on their businesses and the damage they could do to their assets. This study aims to measure the effectiveness of security practices at small-sized enterprises in Saudi Arabia in the event of a cybersecurity attack. Our paper is among the first research papers to measure the effectiveness of cybersecurity practices and the threat posed by cybersecurity breaches among small enterprises in the event of cybersecurity attacks. A total of 282 respondents participated, all of them representing small-sized enterprises in Saudi Arabia. The study applies multiple regression tests to analyze the effectiveness of 12 cybersecurity practices in three aspects: financial damage, loss of sensitive data, and restoration time, at small enterprises. The findings indicate that having an inspection team and a recovery plan may limit the financial damage caused by cybersecurity attacks on small enterprises. The results also show that cybersecurity awareness, knowledge of cybersecurity damage, and professionals’ salaries were related to the loss of sensitive data. Furthermore, the results indicate that contact with cybersecurity authorities and having an inspection team have statistically significant effects on restoration time.

Highlights

The advancement of information and communication technologies has impacted many areas of our society, from online shopping to social interaction
The aim of this research is to determine the impact of various security practices on the damage caused by cybersecurity attacks, especially for small enterprises in Saudi Arabia
Our paper discusses the relationship between various cybersecurity practices and the damage caused by cybersecurity attacks, which is an emerging research topic

Summary

Introduction

The advancement of information and communication technologies has impacted many areas of our society, from online shopping to social interaction. Despite the positive impacts that such technologies have had, they present many risks; for example, the use of information and communication technologies introduces the risk of cybersecurity attacks. The same report indicated that two thirds of the organizations investigated had experienced some kind of cybersecurity threat in 2019. Cyber-attacks are considered a threat to individuals, businesses, and governments. They manipulate users to gain access to their information [13]. The intended effects of cyberattack are not necessarily limited to the targeted computer systems or data themselves—for instance, attacks on computer systems which are intended to degrade or destroy infrastructure or C2 capability. The activation or effect of a cyberattack may be widely separated temporally and geographically from the delivery” [14]

Objectives

Methods

Findings

Discussion

Conclusion