The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia

Alharbi, Fawaz; Alsulami, Majid H.; AL-Solami, Abdullatif; Al-Otaibi, Yazeed; Al-Osimi, Meshaal; Al-Qanor, Fahad; Alotaibi, Khalid Ayidh

doi:10.3390/s21206901

Cited by 15 publications

(16 citation statements)

References 17 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kaila and Urpo [94] suggest the useful first steps for start-ups and SMBs should be: identifying assets and risks; protecting accounts, systems, clouds, and data; implementing a continuity plan; and monitoring and reviewing. Other researchers suggested SMBs should put more focus on practices that can decrease the impact of cyberattacks such as investing in an inspection team and a documented recovery plan [105]. It is not only the SMB's responsibility, but also technology vendors who have been challenged to incorporate security into computing technologies to assist the likes of SMBs with limited knowledge and access to expertise [26].…”

Section: Discussion and Recommendationsmentioning

confidence: 99%

“…For example McLauren adopted a quantitative approach to study to which extent SMBs should implement a security framework to offer the most return on investment [28]. Alharbi et al [105] also adopted quantitative methods to measure the impact that SMB cyber security practices have on cyber-attack damage. Their research indicated that having an inspection team and a recovery plan reduced the financial damage that a cyber-attack had on SMBs in Saudi Arabia.…”

Section: E Research Methodology Usedmentioning

confidence: 99%

“…Having good mitigation strategies also brings a business benefit where the organisation can demonstrate compliance and reasonable effort to protect the business, customer or staff data should a cyber incident occur [18]. Alharbi et al [105] measured how certain cyber security practices can affect the level of harm caused by cyber-attacks and found that having a cyber security inspection team and recovery plan reduced the financial damage caused by cyberattacks in SMBs. For incidents that eventuate, SMBs were disinterested in reporting the incident or conducting forensic analysis due to the costs of the activities; SMBs simply wanted to move on rather than spend time determining the source or cause of attack [106].…”

Section: ) Respondmentioning

confidence: 99%

“…Only five [15,18,85,94,105] of the papers reviewed focussed on the Recover function with the Recovery Planning category being the most popular category. The Improvements category was not represented in the literature.…”

Section: ) Recovermentioning

confidence: 99%

“…Planning for the worst is crucial for recovery in the event that a cyber-attack occurs and this can be achieved by having a business continuity plan in place [94]. In their research Alharbi et al [105] found that having an inspection team and a recovery plan reduced the financial damage a cyber-attack had on SMBs in Saudi Arabia. Additionally, their research revealed having contact with cyber security authorities statistically reduced the restoration time following a cyber-attack.…”

Section: ) Recovermentioning

confidence: 99%

See 4 more Smart Citations

A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations

2022

View full text Add to dashboard Cite

Small-to-medium sized businesses (SMBs) constitute a large fraction of many countries' economies but according to the literature SMBs are not adequately implementing cyber security which leaves them susceptible to cyber-attacks. Furthermore, research in cyber security is rarely focused on SMBs, despite them representing a large proportion of businesses. In this paper we review recent research on the cyber security of SMBs, with a focus on the alignment of this research to the popular NIST Cyber Security Framework (CSF). From the literature we also summarise the key challenges SMBs face in implementing good cyber security and conclude with key recommendations on how to implement good cyber security. We find that research in SMB cyber security is mainly qualitative analysis and narrowly focused on the Identify and Protect functions of the NIST CSF with very little work on the other existing functions. SMBs should have the ability to detect, respond and recover from cyberattacks, and if research lacks in those areas, then SMBs may have little guidance on how to act. Future research in SMB cyber security should be more balanced and researchers should adopt well-established powerful quantitative research approaches to refine and test research whilst governments and academia are urged to invest in incentivising researchers to expand their research focus.INDEX TERMS Cyber security, small-to-medium business, security posture, cyber security threats, cyber security frameworks, security and privacy.

show abstract

Section: Discussion and Recommendationsmentioning

confidence: 99%

Section: E Research Methodology Usedmentioning

confidence: 99%

Section: ) Respondmentioning

confidence: 99%

Section: ) Recovermentioning

confidence: 99%

Section: ) Recovermentioning

confidence: 99%

See 3 more Smart Citations

A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations

2022

View full text Add to dashboard Cite

show abstract

Perceptions and dilemmas around cyber-security in a Spanish research center after a cyber-attack

Navajas-Adán,

Badia-Gelabert,

Jiménez-Saurina

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Information and Communication Technologies and Internet networks are present in all aspects of social reality and are essential elements in research, development and innovation centers (R&D&I). Cyber-security is crucial for the progress of the research activities developed in these centers, especially given the exponential growth of cyber-attacks and incidents. The present study aims to assess from a socio-technical approach, how a serious cyber-attack on a Spanish research center has affected staff’s perceptions of information and communication systems (ICT) security. This study employed a mixed-methods research strategy, combining quantitative and qualitative methods to provide a comprehensive and nuanced understanding of ICT security perceptions among employees. First a quantitative scale was administered to 1,321 employees 3 years before the cyber-attack and 4 months afterward, to measure ICT security perceptions. Then, qualitative techniques (semi-structured interviews, focus groups, and micro-ethnography) were applied to gain a deeper understanding of the arguments underpinning cyber-security at the center after the attack. The results show that the event had an impact on employees’ perceptions, increasing the perceived importance of ICT security, with positive behavioral changes noted, but with doubts about their sustainability over time. Also, the need for cyber-security governance was critically contrasted with organizational reality. Finally, the compatibility of science and cyber-security was a central dilemma, which seems to confront antagonistic poles (research and security ICT) and justify the non-compliance with security protocols by part of the staff.

show abstract

Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis

Asfahani

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia

Cited by 15 publications

References 17 publications

A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations

A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations

Perceptions and dilemmas around cyber-security in a Spanish research center after a cyber-attack

Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis

Contact Info

Product

Resources

About