Abstract
We report an online survey of 85 U.K-based SMEs that explored their threat and coping appraisals toward five common types of cyber-attack: Network being hacked; Data being stolen or encrypted; malware infection; mobile devices being compromised; and phishing e-mail attack. Overall, SMEs’ reported assessment of the risk of an attack was low, particularly for the possibility of their business network being hacked or their data being stolen or encrypted. However, there was an incongruence in their Threat Appraisals since, while they believed the risks to be low, they reported that the impact would be high. In terms of Coping Appraisal, respondents indicated that measures to prevent such attacks were both inexpensive and effective. However, their reported self-efficacy was significantly lower for keeping mobile devices safe and avoiding phishing attacks. We discuss these results taking into consideration additional qualitative data and provide recommendations for SME engagement.
| Original language | English |
|---|---|
| Pages (from-to) | 397-409 |
| Number of pages | 13 |
| Journal | Journal of Computer Information Systems |
| Volume | 63 |
| Issue number | 2 |
| Early online date | 3 May 2022 |
| DOIs | |
| Publication status | Published - 4 Mar 2023 |
| Externally published | Yes |
Keywords
- SME cyber security
- Threat appraisal
- Coping appraisal
Fingerprint
Dive into the research topics of 'It won’t happen to me: surveying SME attitudes to cyber-security'. Together they form a unique fingerprint.Student theses
-
Leveraging User Centred Design (UCD) to improve Small Medium Sized Enterprise (SME) cybersecurity engagement
Wilson, M. (Author), Irons, A. (Supervisor), McDonald, S. (Supervisor) & Ophoff, J. (Supervisor), 18 Jun 2025Student thesis: Doctoral Thesis