Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Haastrecht, Max van; Özkan, Bilge Yiğit; Brinkhuis, Matthieu; Spruit, Marco

doi:10.3390/app11156909

Cited by 14 publications

(3 citation statements)

References 133 publications

(307 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IT refers to technology that is capable of enhancing enterprises' productivity and market competitiveness, including devices, systems, networks, data, etc. When an enterprise sustains its operation by relying on IT, it must build a mechanism to control and protect it [6,7]. Otherwise, the exposure of enterprises to threat will increase.…”

Section: Research Background and Motivementioning

confidence: 99%

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Chen

Chou

Lin³

et al. 2023

Sustainability

View full text Add to dashboard Cite

Backup system work represents “the last mile” of information security (IS). To avoid data loss or damage, enterprises should execute data backup periodically to ensure the integrity and availability of such data. Additionally, due to the continuous emergence of IS incidents featuring malicious attacks in recent years, major firms in countries around the world have successively reported being under attack by ransomware viruses. In particular, small and medium enterprises (SMEs) became the potential targets of malicious attacks based on their different types of IS awareness and degrees of digitalization; therefore, IS work has become one of the essential topics with special significance for numerous SMEs. To this end, this paper studied the factors influencing SMEs’ adoption of IS backup systems in the hope that the critical decision-making behaviors of SMEs regarding the issue of IS could be learned. Practical suggestions can be made for the marketing schemes adopted by IS manufacturers concerning the planning of IS backup systems. Thus, this study used three methodological stages to address the exciting issue of IS backup systems for SMEs. In the first stage, 11 factors at two hierarchies involving three constructs influencing SMEs’ adoption of IS backup systems were summarized via a literature review. The constructs included financial consideration (FC), the IS incident, and business IS decision making (BISD-M). In the second stage, an expert questionnaire was applied; an advanced hybrid modified Delphi method (MDM) and analytic hierarchy process (AHP) with expert input were constructed to identify the sorting of overall weights based on the 11 factors included in the first stage. Following the empirical conclusions, the top three critical factors were “disaster loss amount”, “enterprise’s downtime”, and “supplier’s contractual requirements”. The conclusions of this study indicated that two factors were included in the FC construct; thus, the FC construct influenced IS the most, and the BISD-M construct took second place. In the final stage, through re-checking three actual cases, the results of this study were verified with specific respect to the FC. In conclusion, to popularize IS backup systems among SMEs and fully implement IS, manufacturers may start from the FC in the hope that the severe impact caused by IS incidents featuring malicious attacks can be slowed down and the losses encountered can be lowered. The empirical results and conclusions of this study can be used for reference by SMEs, and both theoretical and empirical foundations have been provided for further studies in academic circles; the results above also show a significant application contribution of this study.

show abstract

Section: Research Background and Motivementioning

confidence: 99%

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Chen

Chou

Lin³

et al. 2023

Sustainability

View full text Add to dashboard Cite

show abstract

“…SMEs have become put into positions of exploitation, whereby the likelihood of cyber-attacks come at a high price in experiencing cyber incidents. In a recent paper by van Haastrecht, M. et al (2021) [41], SMEs struggle to cope with the rise in cyber security threats leading to intuitive, threat-based cyber security risk assessment approaches for the least digitally mature SMEs, using a socio-technical cyber security framework to help contribute towards the needs of SMEs. The works of van Haastretcht use both a framework and the ADKAR (awareness, desire, knowledge, ability, reinforcement) change management model of Hiatt [42] to guide the research in covering the social dimensions needed to be considered in SMEs.…”

Section: Sme's Cybersecurity Barriers and Challengesmentioning

confidence: 99%

Machine Learning Cybersecurity Adoption in Small and Medium Enterprises in Developed Countries

2021

View full text Add to dashboard Cite

In many developed countries, the usage of artificial intelligence (AI) and machine learning (ML) has become important in paving the future path in how data is managed and secured in the small and medium enterprises (SMEs) sector. SMEs in these developed countries have created their own cyber regimes around AI and ML. This knowledge is tested daily in how these countries’ SMEs run their businesses and identify threats and attacks, based on the support structure of the individual country. Based on recent changes to the UK General Data Protection Regulation (GDPR), Brexit, and ISO standards requirements, machine learning cybersecurity (MLCS) adoption in the UK SME market has become prevalent and a good example to lean on, amongst other developed nations. Whilst MLCS has been successfully applied in many applications, including network intrusion detection systems (NIDs) worldwide, there is still a gap in the rate of adoption of MLCS techniques for UK SMEs. Other developed countries such as Spain and Australia also fall into this category, and similarities and differences to MLCS adoptions are discussed. Applications of how MLCS is applied within these SME industries are also explored. The paper investigates, using quantitative and qualitative methods, the challenges to adopting MLCS in the SME ecosystem, and how operations are managed to promote business growth. Much like security guards and policing in the real world, the virtual world is now calling on MLCS techniques to be embedded like secret service covert operations to protect data being distributed by the millions into cyberspace. This paper will use existing global research from multiple disciplines to identify gaps and opportunities for UK SME small business cyber security. This paper will also highlight barriers and reasons for low adoption rates of MLCS in SMEs and compare success stories of larger companies implementing MLCS. The methodology uses structured quantitative and qualitative survey questionnaires, distributed across an extensive participation pool directed to the SMEs’ management and technical and non-technical professionals using stratify methods. Based on the analysis and findings, this study reveals that from the primary data obtained, SMEs have the appropriate cybersecurity packages in place but are not fully aware of their potential. Secondary data collection was run in parallel to better understand how these barriers and challenges emerged, and why the rate of adoption of MLCS was very low. The paper draws the conclusion that help through government policies and processes coupled together with collaboration could minimize cyber threats in combatting hackers and malicious actors in trying to stay ahead of the game. These aspirations can be reached by ensuring that those involved have been well trained and understand the importance of communication when applying appropriate safety processes and procedures. This paper also highlights important funding gaps that could help raise cyber security awareness in the form of grants, subsidies, and financial assistance through various public sector policies and training. Lastly, SMEs’ lack of understanding of risks and impacts of cybercrime could lead to conflicting messages between cross-company IT and cybersecurity rules. Trying to find the right balance between this risk and impact, versus productivity impact and costs, could lead to UK SMES getting over these hurdles in this cyberspace in the quest for promoting the usage of MLCS. UK and Wales governments can use the research conducted in this paper to inform and adapt their policies to help UK SMEs become more secure from cyber-attacks and compare them to other developed countries also on the same future path.

show abstract

“…In the absence of a resilience mechanism to overcome interruptions in business, as usual, activities in electronic commerce could no longer function [11]. Resilience may be analyzed from the perspective of cyber threats to the information system, as cyber resilience can help organizations to anticipate and manage them [12,13]. At the same time, increasing resilience in electronic commerce can be achieved using Artificial Intelligence, which can contribute to 'readying supply chains to reduce their risk of disruption' [14].…”

Section: Introductionmentioning

confidence: 99%

Extending the Frontiers of Electronic Commerce Knowledge through Cybersecurity

et al. 2022

View full text Add to dashboard Cite

As technology becomes more sophisticated so do cyber-attacks. The resilience of electronic commerce organisations represents a critical point nowadays because it influences consumer and digital business behaviour. In this context, the cybersecurity and electronic commerce knowledge were reviewed as a unit. The main aim of this paper is to support researchers and managers in understanding the theoretical framework and to provide a knowledge-based model. To achieve this aim, the authors performed an analysis of 14,585 papers from the Web of Science Core Collection that generated two visualized networks, analyzed with the metrics mean silhouette, modularity, betweenness centrality, and citation bursts in the context of digital resilience. The mapping process results show that the human factor represents the central junction with the fear of cyber-attacks and the perception of online shopping as risky. The adoption of electronic commerce and mobile commerce are two challenging research lines in the global economic resilience. Their adoption enabled by big data, artificial intelligence, machine learning, and even blockchain technology can strengthen resilience even when cybersecurity education is needed.

show abstract

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

Cited by 14 publications

References 133 publications

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Machine Learning Cybersecurity Adoption in Small and Medium Enterprises in Developed Countries

Extending the Frontiers of Electronic Commerce Knowledge through Cybersecurity

Contact Info

Product

Resources

About