Skip to main content
SpringerLink
Log in

Cybersecurity Challenges in Small and Medium Enterprise (SMEs)

  • Chapter
  • First Online:
Blockchain and Other Emerging Technologies for Digital Business Strategies

Abstract

Over the past decade, digitalization has played a greater role in improving the business stature of small business by opening new venues, extending their reach, and thereby improving value producing opportunities. It also brought the small businesses additional responsibilities of having to deal with the security risks and threats which are ever-present on the digital platform. This chapter aims to review and analyse the cybersecurity risks in small businesses due to the adaption of new digital technologies. The chapter discusses the security risks and challenges dealt by small business, the key constraints in implementing a security program to comply with the legal and regulatory requirements, and how the cloud technology can answer many of those challenges.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Help Net Security (2021) What are the most common cybersecurity challenges SMEs face today?—Help Net Security. Help Net Security. Available at: https://www.helpnetsecurity.com/2021/07/07/smes-cybersecurity-challenges/. Accessed 5 Aug 2021

  2. Witts J (2021) The top 5 biggest cyber security threats that small businesses face and how to stop them. Expert Insights. Expert Insights. Available at: https://expertinsights.com/insights/the-top-5-biggest-cyber-security-threats-that-small-businesses-face-and-how-to-stop-them/. Accessed 9 Aug 2021

  3. Yazbeck E (2021) When it comes to Cybersecurity, the small and medium business community needs to do better. SMC Consulting. Available at: https://www.smcconsulting.be/when-it-comes-to-cybersecurity-the-small-and-medium-business-community-needs-to-do-better/. Accessed 15 Aug 2021

  4. Lurey C (2019) Cyber mindset exposed: keeper unveils its 2019 SMB cyberthreat study—keeper security blog—cybersecurity news & product updates. Keeper Security Blog. Available at: https://www.keepersecurity.com/blog/2019/07/24/cyber-mindset-exposed-keeper-unveils-its-2019-smb-cyberthreat-study/. Accessed 26 July 2021

  5. Galvin J (2018) 60 Percent of small businesses fold within 6 months of a cyber attack. Here's How to Protect Yourself. Inc.com. Available at: https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html. Accessed 28 July 2021

  6. Osborne E (2015) Business versus Technology: sources of the perceived lack of cyber security in SMEs (Working Paper). Oxford University Research Archive, p 10. Available at: https://ora.ox.ac.uk/objects/uuid:4363144b-5667-4fdd-8cd3-b8e35436107e/download_file?file_format=pdf&safe_filename=01-15.pdf&type_of_work=Working+paper. Accessed 6 Aug 2021

  7. Armenia S, Angelini M, Nonino F, Palombi G, Schlitzer M (2021) A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decis Support Syst 147:113580. https://doi.org/10.1016/j.dss.2021.113580. Accessed 8 Aug 2021

  8. UK government (2020) https://www.gov.uk/government/statistics/cyber-securitybreaches-survey-2020/cyber-security-breaches-survey-2020

  9. Gough O (2016) Majority of businesses neglecting cybersecurity due to lack of resources. Small Business. Available at: https://smallbusiness.co.uk/majority-businesses-neglecting-cybersecurity-2535173/. Accessed 10 Aug 2021

  10. Umawing J (2019) SMBs lack resources to defend against cyberattacks, plus pay more in the aftermath—Malwarebytes Labs. Malwarebytes Labs. Available at: https://blog.malwarebytes.com/business-2/2019/10/smbs-lack-resources-to-defend-against-cyberattacks-plus-pay-more-in-the-aftermath/. Accessed 9 Aug 2021

  11. Benz M, Chatterjee D (2020) Calculated risk? A cybersecurity evaluation tool for SMEs. Bus Horizons 63(4):531–540. https://doi.org/10.1016/j.bushor.2020.03.010. Accessed 7 Aug 2021

  12. Moskowitz S (2017) The small and medium-sized enterprise (SME). Cybercrime and Business, pp 45–68. https://doi.org/10.1016/B978-0-12-800353-4.00004-X. Accessed 6 Aug 2021

  13. Ricci R, Battaglia D, Neirotti P (2021) External knowledge search, opportunity recognition and industry 4.0 adoption in SMEs. Int J Prod Econ 240:108234. https://doi.org/10.1016/j.ijpe.2021.108234. Accessed 12 Aug 2021

  14. Assante D, Castro M, Hamburg I, Martin S (2016) The use of cloud computing in SMEs. Procedia Comput Sci 83:1207–1212. https://doi.org/10.1016/j.procs.2016.04.250. Accessed 10 Aug 2021

  15. Gartner (2017) Business impact of security incidents and evolving regulations driving market growth

    Google Scholar 

  16. Verbano C, Venturini K (2013) Managing risks in SMEs: a literature review and research agenda. J Technol Manag Innov 8(3):186–197. https://doi.org/10.4067/S0718-27242013000400017

    Article  Google Scholar 

  17. Pathak PB, Nanded YM (2016) A dangerous trend of cybercrime: ransomware growing challenge. Int J Adv Res Comput Eng Technol 5(2):371–373

    Google Scholar 

  18. Antonescu M, Birău R (2015) Financial and non-financial implications of cybercrimes in emerging countries. Procedia Econ Finance 32:618–621

    Google Scholar 

  19. McAfee (2018) Economic impact of cybercrime—no slowing Dow

    Google Scholar 

  20. Cyber Security Ventures (2017) 2017 Cybercrime Report

    Google Scholar 

  21. Kaur S, Sharma S, Singh A (2015) Cyber security: attacks, implications and legitimations across the globe. Int J Comput Appl 114(6)

    Google Scholar 

  22. Ponsard C, Grandclaudon J, Dallons G (2018) Towards a cyber security label for SMEs: a European perspective. In: ICISSP, pp 426–431

    Google Scholar 

  23. Watkins B (2014) The impact of cyber attacks on the private sector.no. August, 1-1. Whetten DA (1989) What constitutes a theoretical contribution? Acad Manage Rev 14(4):490–495. The framework outlines 7 points which you can use to evaluate your research work.

    Google Scholar 

  24. Klaper D, Hovy E (2014) A taxonomy and a knowledge portal for cybersecurity. In: Proceedings of the 15th annual international conference on digital government research. ACM, pp 79–85

    Google Scholar 

  25. Sadok M, Bednar PM (2016) Information security management in SMEs: Beyond the IT Challenges. In: HAISA, pp 209–219

    Google Scholar 

  26. Hayes J, Bodhani A (2013) Cyber security: small firms under fire (Information Technology Professionalism). Eng Technol 8(6):80–83

    Article  Google Scholar 

  27. Polkowski Z, Dysarz J (2017) It security management in small and medium enterprises. Sci Bull-Econ Sci 16(3):134–148

    Google Scholar 

  28. Twisdale JA (2018) Exploring SME vulnerabilities to cyber-criminal activities through employee behavior and internet access (Doctoral dissertation, Walden University)

    Google Scholar 

  29. Henson R, Garfield J (2016) What attitude changes are needed to cause SMEs to take a strategic approach to information security? Athens J Bus Econ 2(3):303–318

    Google Scholar 

  30. Hills M, Atkinson L (2016) Towards cyber-resilient & sustainable SMES: the case study of added value from a large IT reseller

    Google Scholar 

  31. Santos-Olmo A, Sánchez L, Caballero I, Camacho S, Fernandez-Medina E (2016) The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet 8(3):30

    Google Scholar 

  32. Kluitenberg H (2014) Security risk management in it small and medium enterprises. In: Proceedings of 20th Twente student conference on IT

    Google Scholar 

  33. Fielder A, König S, Panaousis E, Schauer S, Rass S (2018) Risk assessment uncertainties in cybersecurity investments. Games 9(2):34

    Google Scholar 

  34. Topping C (2017) The role of awareness in adoption of government cyber security initiatives: a study of SMEs in the UK

    Google Scholar 

  35. Aldawood H, Skinner G (2018) Educating and raising awareness on cyber security social engineering: a literature review. In: 2018 IEEE international conference on teaching, assessment, and learning for engineering (TALE). IEEE, pp 62–68

    Google Scholar 

  36. Nilsen R, Levy Y, Terrell S, Beyer D (2017) A developmental study on assessing the cybersecurity competency of organizational information system users

    Google Scholar 

  37. Valli C, Martinus IC, Johnstone MN (2014) Small to medium enterprise cyber security awareness: an initial survey of Western Australian business

    Google Scholar 

  38. Kurpjuhn T (2015) The SME security challenge. Comput Fraud Secur 2015(3):5–7. https://doi.org/10.1016/S1361-3723(15)30017-8. Accessed 2 Aug 2021

  39. Tam T, Rao A, Hall J (2021) The good, the bad and the missing: a narrative review of cyber-security implications for Australian small businesses. Comput Secur 109:102385. https://doi.org/10.1016/j.cose.2021.102385. Accessed 2 Aug 2021

  40. Lindström J, Eliasson J, Hermansson A, Blomstedt F, Kyösti P (2018) Cybersecurity level in IPS 2: a case study of two industrial internet-based SME offerings. Procedia CIRP 73:222–227. https://doi.org/10.1016/j.procir.2018.03.302. Accessed 11 Aug 2021

  41. Lloyd G (2020) The business benefits of cyber security for SMEs. Comput Fraud Secur 2020(2):14–17. https://doi.org/10.1016/S1361-3723(20)30019-1. Accessed 18 Aug 2021

  42. Sultan N (2011) Reaching for the “cloud”: How SMEs can manage. Int J Inf Manage 31(3):272–278. https://doi.org/10.1016/j.ijinfomgt.2010.08.001. Accessed 6 Aug 2021

  43. Zelenay J, Balco P, Greguš M (2019) Cloud technologies—solution for secure communication and collaboration. Procedia Comput Sci 151:567–574. https://doi.org/10.1016/j.procs.2019.04.076. Accessed 4 Aug 2021

  44. Nycz M, Martin MJ, Polkowski Z (2015) In: 2015 7th International conference on electronics, computers and artificial intelligence (ECAI). IEEE, Bucharest. https://doi.org/10.1109/ECAI.2015.7301182. Accessed 19 Aug 2021

  45. Nussbaumer N, Liu X (2013) Cloud migration for SMEs in a service oriented approach. In: 2013 IEEE 37th annual computer software and applications conference workshops. IEEE. https://doi.org/10.1109/COMPSACW.2013.71. Accessed 16 Aug 2021

  46. Godfrin (2016) Legal requirements and identifying data security for cloud service. In: 2016 Second international conference on science technology engineering and management (ICONSTEM). Chennai: IEEE. https://doi.org/10.1109/ICONSTEM.2016.7560948. Accessed 19 Aug 2021

  47. Lovrek I, Lovrić T, Lucic DL (2012) Regulatory aspects of cloud computing. In: SoftCOM 2012, 20th international conference on software, telecommunications and computer networks. IEEE. Available at: https://ieeexplore.ieee.org/document/6347661/authors#authors. Accessed 11 Aug 2021

  48. NIST (2018) Framework for Improving Critical Infrastructure Cybersecurity

    Google Scholar 

  49. Owen-Jackson C (2021) How to protect your small business from cyber-threats. Secure Futures. Available at: https://www.kaspersky.com/blog/secure-futures-magazine/small-business-cybersecurity/29177/. Accessed 25 Aug 2021

  50. Gerberding K (2017) NIST, CIS/SANS 20, ISO 27001—simplifying security control assessment

    Google Scholar 

  51. Marco B, De Luca R (2015) Financial distress and earnings manipulation: evidence from Italian SMEs. J Acc Finance. Available at SSRN: https://ssrn.com/abstract=2596295

  52. Raja MSN, Vasudevan AR (2017) Rule generation for TCP SYN flood attack in SIEM Environment. Procedia Comput Sci 115:580–587. https://doi.org/10.1016/j.procs.2017.09.117

    Article  Google Scholar 

  53. Vielberth M, Pernul G (2018) A security information and event management pattern. In: 12th Latin American conference on pattern languages of programs, vol 1, no 1, pp 1–12

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Northumbria University London Campus, London, UK

    Hamid Jahankhani

  2. Northumbria University London, London, UK

    Lakshmi N. K. Meda & Mehrdad Samadi

Authors
  1. Hamid Jahankhani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lakshmi N. K. Meda
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mehrdad Samadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hamid Jahankhani .

Editor information

Editors and Affiliations

  1. Northumbria University London Campus, London, UK

    Hamid Jahankhani

  2. Rushden, UK

    David V. Kilpin

  3. Cyfortis, Worcester Park, UK

    Stefan Kendzierskyj

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Jahankhani, H., Meda, L.N.K., Samadi, M. (2022). Cybersecurity Challenges in Small and Medium Enterprise (SMEs). In: Jahankhani, H., V. Kilpin, D., Kendzierskyj, S. (eds) Blockchain and Other Emerging Technologies for Digital Business Strategies. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-98225-6_1

Download citation

Publish with us

Policies and ethics

Search

Navigation