Cybersecurity Risk Management Investment: An Empirical Study on Impact Factors Affecting Decision-making in SMEs

No Thumbnail Available

Date

2023-07-01

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Small and medium-sized enterprises (SMEs) have always attracted cyber attackers as one of the most reachable targets. However, during and after the Covid-19 pandemic, most enterprises accelerated the adoption of new technologies like remote work tools and cloud computing to cope with sudden national lockdowns and the Covid-19 restrictions like social distancing. SMEs’ vulnerability has increased dramatically because these technologies have relied on the internet. This made them more vulnerable to cyber-attacks than ever; and the SME sector was already in a critical situation regarding cybersecurity risk management (CRiM). Disregarding the importance of CRiM by decision-makers has become a phenomenon that few studies have investigated. Previous cybersecurity studies have shown a lack of interest in CRiM, particularly in terms of SMEs' strategic investment perspective. Therefore, this research has attempted to illustrate the crucial role of CRiM in the SME sector by conducting three scientific studies. First, a comprehensive literature review has been conducted, using NVivo software to analyse 25 out of 83 articles according to bibliographical information, research design, and findings. As a result, the review identified 5 major perspectives that play a key role in SMEs’ cybersecurity risk management, which are threats, behaviours, practices, awareness, and decision-making. Then, a qualitative exploratory approach was applied in the second study by conducting several interviews with decision-makers in the sector to understand this issue. The results revealed 8 encouragement factors that play a major role in encouraging SMEs’ decision-makers to invest in CRiM as a strategic priority. Therefore, the present study developed a novel model to classify these factors in three different contexts, which are technological; organisational; and environmental. Thereafter, an empirical study has been conducted to examine the relationship between these independent factors and their effects on encouraging CRiM investment decisions among SMEs. Moreover, the present research contributes to the knowledge by providing evidence that CRiM investment has become a strategic priority that should be urgently considered by SMEs’ decision-makers.

Description

Keywords

Financie, Decision-making, Investment, Risk Management, Cybersecurity

Citation

Endorsement

Review

Supplemented By

Referenced By

Copyright owned by the Saudi Digital Library (SDL) © 2024