• Abstract

    Small-to-medium-sized enterprises (SMEs) make up a significant portion of the economies of many nations. However, research shows that many of these companies fall short when establishing cyber security, leaving them vulnerable to attack. In addition, although SMEs account for a sizable share of firms, studies on cyber security focus on SMEs. This study reviews recent research on the cyber security of SMEs, emphasizing how well that research aligns with the well-known National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF). The report begins by underlining the crucial necessity of cybersecurity in the digital era and the particular issues that SMEs confront. It highlights the financial and reputational dangers associated with cyber events and the importance of solid cybersecurity procedures. The review investigates several cybersecurity risk management approaches, strategies and frameworks, providing insights into their relevance and efficacy in the context of SMEs. We found that research on SME cyber security is sophisticated and specialized, with attention concentrated on the NIST CSF Identify and Protect functions and minimal effort spent on the other functions. SMEs should be equipped to detect, respond to, and recover from cybercrime. SMEs might not have appropriate information on responding to such occurrences if research in these areas is weak. Future studies on SMEs need a better balance across cyber security functions. Scholars ought to use rigorous, proven mathematical methods to improve and test their work, and governments and academia are urged to invest in providing researchers with incentives to broaden their research horizons.


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright (c) 2023 Malque Publishing

How to cite

Ambreen, L., Jain, M., Yadav, R. K., & Loonkar, S. (2024). Effective cybersecurity risk management practices for small and medium-sized enterprises: A comprehensive review. Multidisciplinary Reviews, 6, 2023ss080. https://doi.org/10.31893/multirev.2023ss080