Cyber resilience is essential for Small and Medium-Sized Enterprises (SME), those with fewer than 250 employees, to protect themselves against cyber-attacks and to ensure their continued operation. This research focusses on how United Kingdom (UK) based SMEs prepare for and manage the consequences of a cyber-attack. It examines the organisational cyber resilience mechanisms that organisations can implement to ensure that they are resilient to cyber threats. Primary research was conducted with UK SMEs and supporting stakeholders using a mixed methods approach. Surveys aimed to measure their perception of cyber resilience and to give an appraisal of how mature they believe their organisation is. These surveys were then supplemented through semi-structured interviews to further understand perceptions and practices, using a thematic analysis of the data. The findings show that there was very good awareness of the available frameworks and standards however the scale of their implementation varied significantly. Furthermore, evidence from the interviews demonstrated the importance of governance, risk management, and security awareness while establishing organisational cyber resilience. Based on the findings, a conceptual framework is proposed that offers SMEs an approach to enhancing their cyber resilience. By addressing governance, culture, technical measures, communication, and learning, SMEs can better prepare for and mitigate the impact of cyber threats. Collaboration with external support organisations further strengthens resilience efforts, ensuring SMEs can navigate the evolving cyber landscape utilising this support with greater confidence and effectiveness. This research proposes a Cyber Resilience Conceptual Framework and a number of supporting principles to help SMEs on the journey towards cyber resilience.
- Cyber security
- Cyber
- Resilience
- Small and Medium Sized Enterprise
- SME
- Cyber resilience
How do small and medium-sized enterprises (Smes) within the UK prepare for and manage the consequences of a cyber-attack? A study on cyber resilience
Mackay, M. (Author). 25 Feb 2025
Student thesis: Masters Thesis › Masters by Research