A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

Karen Renaud*, Jacques Ophoff

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

107 Downloads (Pure)


There is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.

In this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.

The results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.

Research limitations/implications
While resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.

Practical implications
The findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.

This is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.
Original languageEnglish
Pages (from-to)24-46
Number of pages23
JournalOrganizational Cybersecurity Journal: Practice, Process and People
Issue number1
Early online date16 Jul 2021
Publication statusPublished - 21 Oct 2021


  • SME
  • Situational awareness
  • Cyber security precautions and controls


Dive into the research topics of 'A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs'. Together they form a unique fingerprint.

Cite this