Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K.

Rae, Andrew; Patel, Asma

doi:10.1007/978-3-030-34339-2_20

Cited by 5 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Contrasting to the contribution of SMEs, a recent study also notes that four in ten SMEs have experienced cyberattacks in the 12 months (Rae & Patel, 2019) and only 14% of microenterprises are actively involved in Information and Communication Technology (ICT) risk assessments (Office for National Statistics, 2019). Given the contribution of SMEs and the lack of risk assessment techniques in their context, there is a need to address this.…”

Section: Literature Reviewmentioning

confidence: 99%

Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors

2023

View full text Add to dashboard Cite

The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small etailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of "security," "dependency," "employee," "strategic," and "legal" risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best-worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors

2023

View full text Add to dashboard Cite

show abstract

“…The authors focus on cyber liability insurance, which provides the basis for a cost-effective solution to encourage good information assurance across the SMEs supply chain, by protecting their own data and the data that they share with the supply chain partners. A different case study in UK from Rae et al [37] addresses the increasing amount of cyberattacks and threats for SMEs and identifies the influencing factors that are needed to improve security behaviours and engagements with information security best practices. The authors propose a cybersecurity rating scheme for SMEs in the UK, with the potential to scale internationally.…”

Section: Case Studies and Related Workmentioning

confidence: 99%

Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal

Antunes

Maximiano

Gomes

et al. 2021

JCP

View full text Add to dashboard Cite

Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated on the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness.

show abstract

Importance of Least Cybersecurity Controls for Small and Medium Enterprises (SMEs) for Better Global Digitalised Economy

Pawar¹,

Palivela²

2023

Smart Analytics, Artificial Intelligence and Sustainable Performance Management in a Global Digitalised Economy

View full text Add to dashboard Cite

Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K.

Cited by 5 publications

References 14 publications

Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors

Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors

Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal

Importance of Least Cybersecurity Controls for Small and Medium Enterprises (SMEs) for Better Global Digitalised Economy

Contact Info

Product

Resources

About