Effectiveness of the NIST Cybersecurity Framework in Small and Medium Enterprises (SMEs) in the UK.

Abstract

Small and medium-sized enterprises (SMEs) in the UK confront more sophisticated and frequent cyber risks in today's linked environment. This research examines UK IT-related SMEs' adoption and efficacy of the NIST Cybersecurity Framework (CSF). The research evaluates SMEs' cybersecurity issues, NIST CSF's response, and its implementation hurdles. The quantitative study surveys IT managers, cybersecurity professionals, and company owners to assess SMEs' cybersecurity practices, framework adoption, and problems. Results revealed that although many SMEs see the relevance of NIST CSF, complexity, lack of technical competence, and budget restrictions limit its implementation. The structure improves cybersecurity, but the absence of formal training and top management backing is a major drawback. The results suggest simplifying the framework, engaging in training, and finding external expert advice to speed up NIST CSF implementation for SMEs. The research also proposes that politicians and industry groups must raise awareness, provide funding, and create sector-specific cybersecurity frameworks. Focusing on UK SMEs and self-reported data may bias the research. Fu study should compare NIST CSF adoption across geographies and industries and examine its long-term effects. The results improve SME cybersecurity resilience and NIST CSF adoption insights