One size does not fit all: exploring the cybersecurity perspectives and engagement preferences of UK-based small businesses

Martin Wilson; Sharon McDonald

doi:10.1080/19393555.2024.2357310

One size does not fit all: exploring the cybersecurity perspectives and engagement preferences of UK-based small businesses

Martin Wilson^*, Sharon McDonald

^*Corresponding author for this work

Faculty of Design, Informatics and Business

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

48 Downloads (Pure)

Abstract

This study examines the cybersecurity needs of UK-based Small and Medium-sized Enterprises (SMEs) via thematic interviews grounded in the Health Belief Model with ten Digitally Dependent SMEs (those who depend on ICT), ten Digitally Based SMEs (those who rely heavily on ICT), and ten Digital Enablers (cybersecurity providers). Previous research highlights SMEs’ tendency to underestimate cyber threats, presuming security by obscurity. Our study extends this understanding, revealing SMEs' misjudgment regarding vulnerability to opportunistic attacks due to misunderstanding hackers' indiscriminate methods. Additional findings include SMEs favoring technical solutions over training and policies relying on existing networks and IT suppliers for cybersecurity support. However, Digital Enablers question these suppliers' competency in aiding SMEs. Digitally Based SMEs prioritize safeguarding their business reputation from attacks. Recommendations emphasize tailored strategies to meet SME cybersecurity needs, discouraging generic approaches. Improving SMEs' engagement with existing cybersecurity advice by enhancing its accessibility is a key area for improvement.

Original language	English
Pages (from-to)	15-49
Number of pages	35
Journal	Information Security Journal
Volume	34
Issue number	1
Early online date	31 May 2024
DOIs	https://doi.org/10.1080/19393555.2024.2357310
Publication status	Published - 2 Jan 2025

Keywords

Cybersecurity providers
Digital enablers
Health belief model
Small business
SME cybersecurity

Access to Document

10.1080/19393555.2024.2357310Licence: CC BY-NC-ND

Wilson_OneSizeDoesNotFitAll_Published_2025Final published version, 2.33 MBLicence: CC BY-NC-ND

Leveraging User Centred Design (UCD) to improve Small Medium Sized Enterprise (SME) cybersecurity engagement
Wilson, M. (Author), Irons, A. (Supervisor), McDonald, S. (Supervisor) & Ophoff, J. (Supervisor), 18 Jun 2025
Student thesis: Doctoral Thesis

Cite this

@article{ecdf4ef8fee4449682612f3e86b4361b,

title = "One size does not fit all: exploring the cybersecurity perspectives and engagement preferences of UK-based small businesses",

abstract = "This study examines the cybersecurity needs of UK-based Small and Medium-sized Enterprises (SMEs) via thematic interviews grounded in the Health Belief Model with ten Digitally Dependent SMEs (those who depend on ICT), ten Digitally Based SMEs (those who rely heavily on ICT), and ten Digital Enablers (cybersecurity providers). Previous research highlights SMEs{\textquoteright} tendency to underestimate cyber threats, presuming security by obscurity. Our study extends this understanding, revealing SMEs' misjudgment regarding vulnerability to opportunistic attacks due to misunderstanding hackers' indiscriminate methods. Additional findings include SMEs favoring technical solutions over training and policies relying on existing networks and IT suppliers for cybersecurity support. However, Digital Enablers question these suppliers' competency in aiding SMEs. Digitally Based SMEs prioritize safeguarding their business reputation from attacks. Recommendations emphasize tailored strategies to meet SME cybersecurity needs, discouraging generic approaches. Improving SMEs' engagement with existing cybersecurity advice by enhancing its accessibility is a key area for improvement.",

author = "Martin Wilson and Sharon McDonald",

note = "{\textcopyright} 2024 The Author(s). Published with license by Taylor \& Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License (http://creativecommons.org/licenses/by-ncnd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent. Data Availability Statement: The participants of this study did not give written consent for their data to be shared publicly, so due to the sensitive nature of the research, supporting data is unavailable.",

year = "2025",

month = jan,

day = "2",

doi = "10.1080/19393555.2024.2357310",

language = "English",

volume = "34",

pages = "15--49",

journal = "Information Security Journal",

issn = "1939-3555",

publisher = "Taylor and Francis Ltd.",

number = "1",

}

TY - JOUR

T1 - One size does not fit all

T2 - exploring the cybersecurity perspectives and engagement preferences of UK-based small businesses

AU - Wilson, Martin

AU - McDonald, Sharon

N1 - © 2024 The Author(s). Published with license by Taylor & Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License (http://creativecommons.org/licenses/by-ncnd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent. Data Availability Statement: The participants of this study did not give written consent for their data to be shared publicly, so due to the sensitive nature of the research, supporting data is unavailable.

PY - 2025/1/2

Y1 - 2025/1/2

N2 - This study examines the cybersecurity needs of UK-based Small and Medium-sized Enterprises (SMEs) via thematic interviews grounded in the Health Belief Model with ten Digitally Dependent SMEs (those who depend on ICT), ten Digitally Based SMEs (those who rely heavily on ICT), and ten Digital Enablers (cybersecurity providers). Previous research highlights SMEs’ tendency to underestimate cyber threats, presuming security by obscurity. Our study extends this understanding, revealing SMEs' misjudgment regarding vulnerability to opportunistic attacks due to misunderstanding hackers' indiscriminate methods. Additional findings include SMEs favoring technical solutions over training and policies relying on existing networks and IT suppliers for cybersecurity support. However, Digital Enablers question these suppliers' competency in aiding SMEs. Digitally Based SMEs prioritize safeguarding their business reputation from attacks. Recommendations emphasize tailored strategies to meet SME cybersecurity needs, discouraging generic approaches. Improving SMEs' engagement with existing cybersecurity advice by enhancing its accessibility is a key area for improvement.

AB - This study examines the cybersecurity needs of UK-based Small and Medium-sized Enterprises (SMEs) via thematic interviews grounded in the Health Belief Model with ten Digitally Dependent SMEs (those who depend on ICT), ten Digitally Based SMEs (those who rely heavily on ICT), and ten Digital Enablers (cybersecurity providers). Previous research highlights SMEs’ tendency to underestimate cyber threats, presuming security by obscurity. Our study extends this understanding, revealing SMEs' misjudgment regarding vulnerability to opportunistic attacks due to misunderstanding hackers' indiscriminate methods. Additional findings include SMEs favoring technical solutions over training and policies relying on existing networks and IT suppliers for cybersecurity support. However, Digital Enablers question these suppliers' competency in aiding SMEs. Digitally Based SMEs prioritize safeguarding their business reputation from attacks. Recommendations emphasize tailored strategies to meet SME cybersecurity needs, discouraging generic approaches. Improving SMEs' engagement with existing cybersecurity advice by enhancing its accessibility is a key area for improvement.

U2 - 10.1080/19393555.2024.2357310

DO - 10.1080/19393555.2024.2357310

M3 - Article

SN - 1939-3555

VL - 34

SP - 15

EP - 49

JO - Information Security Journal

JF - Information Security Journal

IS - 1

ER -

One size does not fit all: exploring the cybersecurity perspectives and engagement preferences of UK-based small businesses

Abstract

Keywords

Access to Document

Fingerprint

Student theses

Leveraging User Centred Design (UCD) to improve Small Medium Sized Enterprise (SME) cybersecurity engagement

Cite this