Cybersecurity Awareness and Capacities of SMEs
Gencer Erdogan, Ragnhild Halvorsrud, Costas Boletsis, Simeon Tverdal, John Brian Pickering
2023
Abstract
Small and Medium Enterprises (SMEs) are increasingly exposed to cyber risks. Some of the main reasons include budget constraints, the employees’ lack of cybersecurity awareness, cross-sectoral cyber risks, lack of security practices at organizational level, and so on. To equip SMEs with appropriate tools and guidelines that help mitigate their exposure to cyber risk, we must better understand the SMEs’ context and their needs. Thus, the contribution of this paper is a survey based on responses collected from 141 SMEs based in the UK, where the objective is to obtain information to better understand their level of cybersecurity awareness and practices they apply to protect against cyber risks. Our results indicate that although SMEs do apply some basic cybersecurity measures to mitigate cyber risks, there is a general lack of cybersecurity awareness and lack of processes and tools to improve cybersecurity practices. Our findings provide to the cybersecurity community a better understanding of the SME context in terms of cybersecurity awareness and cybersecurity practices, and may be used as a foundation to further develop appropriate tools and processes to strengthen the cybersecurity of SMEs.
DownloadPaper Citation
in Harvard Style
Erdogan G., Halvorsrud R., Boletsis C., Tverdal S. and Brian Pickering J. (2023). Cybersecurity Awareness and Capacities of SMEs. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 296-304. DOI: 10.5220/0011609600003405
in Bibtex Style
@conference{icissp23,
author={Gencer Erdogan and Ragnhild Halvorsrud and Costas Boletsis and Simeon Tverdal and John Brian Pickering},
title={Cybersecurity Awareness and Capacities of SMEs},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={296-304},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011609600003405},
isbn={978-989-758-624-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Cybersecurity Awareness and Capacities of SMEs
SN - 978-989-758-624-8
AU - Erdogan G.
AU - Halvorsrud R.
AU - Boletsis C.
AU - Tverdal S.
AU - Brian Pickering J.
PY - 2023
SP - 296
EP - 304
DO - 10.5220/0011609600003405