Abstract
Over the past decade, digitalization has played a greater role in improving the business stature of small business by opening new venues, extending their reach, and thereby improving value producing opportunities. It also brought the small businesses additional responsibilities of having to deal with the security risks and threats which are ever-present on the digital platform. This chapter aims to review and analyse the cybersecurity risks in small businesses due to the adaption of new digital technologies. The chapter discusses the security risks and challenges dealt by small business, the key constraints in implementing a security program to comply with the legal and regulatory requirements, and how the cloud technology can answer many of those challenges.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Help Net Security (2021) What are the most common cybersecurity challenges SMEs face today?—Help Net Security. Help Net Security. Available at: https://www.helpnetsecurity.com/2021/07/07/smes-cybersecurity-challenges/. Accessed 5 Aug 2021
Witts J (2021) The top 5 biggest cyber security threats that small businesses face and how to stop them. Expert Insights. Expert Insights. Available at: https://expertinsights.com/insights/the-top-5-biggest-cyber-security-threats-that-small-businesses-face-and-how-to-stop-them/. Accessed 9 Aug 2021
Yazbeck E (2021) When it comes to Cybersecurity, the small and medium business community needs to do better. SMC Consulting. Available at: https://www.smcconsulting.be/when-it-comes-to-cybersecurity-the-small-and-medium-business-community-needs-to-do-better/. Accessed 15 Aug 2021
Lurey C (2019) Cyber mindset exposed: keeper unveils its 2019 SMB cyberthreat study—keeper security blog—cybersecurity news & product updates. Keeper Security Blog. Available at: https://www.keepersecurity.com/blog/2019/07/24/cyber-mindset-exposed-keeper-unveils-its-2019-smb-cyberthreat-study/. Accessed 26 July 2021
Galvin J (2018) 60 Percent of small businesses fold within 6 months of a cyber attack. Here's How to Protect Yourself. Inc.com. Available at: https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html. Accessed 28 July 2021
Osborne E (2015) Business versus Technology: sources of the perceived lack of cyber security in SMEs (Working Paper). Oxford University Research Archive, p 10. Available at: https://ora.ox.ac.uk/objects/uuid:4363144b-5667-4fdd-8cd3-b8e35436107e/download_file?file_format=pdf&safe_filename=01-15.pdf&type_of_work=Working+paper. Accessed 6 Aug 2021
Armenia S, Angelini M, Nonino F, Palombi G, Schlitzer M (2021) A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decis Support Syst 147:113580. https://doi.org/10.1016/j.dss.2021.113580. Accessed 8 Aug 2021
UK government (2020) https://www.gov.uk/government/statistics/cyber-securitybreaches-survey-2020/cyber-security-breaches-survey-2020
Gough O (2016) Majority of businesses neglecting cybersecurity due to lack of resources. Small Business. Available at: https://smallbusiness.co.uk/majority-businesses-neglecting-cybersecurity-2535173/. Accessed 10 Aug 2021
Umawing J (2019) SMBs lack resources to defend against cyberattacks, plus pay more in the aftermath—Malwarebytes Labs. Malwarebytes Labs. Available at: https://blog.malwarebytes.com/business-2/2019/10/smbs-lack-resources-to-defend-against-cyberattacks-plus-pay-more-in-the-aftermath/. Accessed 9 Aug 2021
Benz M, Chatterjee D (2020) Calculated risk? A cybersecurity evaluation tool for SMEs. Bus Horizons 63(4):531–540. https://doi.org/10.1016/j.bushor.2020.03.010. Accessed 7 Aug 2021
Moskowitz S (2017) The small and medium-sized enterprise (SME). Cybercrime and Business, pp 45–68. https://doi.org/10.1016/B978-0-12-800353-4.00004-X. Accessed 6 Aug 2021
Ricci R, Battaglia D, Neirotti P (2021) External knowledge search, opportunity recognition and industry 4.0 adoption in SMEs. Int J Prod Econ 240:108234. https://doi.org/10.1016/j.ijpe.2021.108234. Accessed 12 Aug 2021
Assante D, Castro M, Hamburg I, Martin S (2016) The use of cloud computing in SMEs. Procedia Comput Sci 83:1207–1212. https://doi.org/10.1016/j.procs.2016.04.250. Accessed 10 Aug 2021
Gartner (2017) Business impact of security incidents and evolving regulations driving market growth
Verbano C, Venturini K (2013) Managing risks in SMEs: a literature review and research agenda. J Technol Manag Innov 8(3):186–197. https://doi.org/10.4067/S0718-27242013000400017
Pathak PB, Nanded YM (2016) A dangerous trend of cybercrime: ransomware growing challenge. Int J Adv Res Comput Eng Technol 5(2):371–373
Antonescu M, Birău R (2015) Financial and non-financial implications of cybercrimes in emerging countries. Procedia Econ Finance 32:618–621
McAfee (2018) Economic impact of cybercrime—no slowing Dow
Cyber Security Ventures (2017) 2017 Cybercrime Report
Kaur S, Sharma S, Singh A (2015) Cyber security: attacks, implications and legitimations across the globe. Int J Comput Appl 114(6)
Ponsard C, Grandclaudon J, Dallons G (2018) Towards a cyber security label for SMEs: a European perspective. In: ICISSP, pp 426–431
Watkins B (2014) The impact of cyber attacks on the private sector.no. August, 1-1. Whetten DA (1989) What constitutes a theoretical contribution? Acad Manage Rev 14(4):490–495. The framework outlines 7 points which you can use to evaluate your research work.
Klaper D, Hovy E (2014) A taxonomy and a knowledge portal for cybersecurity. In: Proceedings of the 15th annual international conference on digital government research. ACM, pp 79–85
Sadok M, Bednar PM (2016) Information security management in SMEs: Beyond the IT Challenges. In: HAISA, pp 209–219
Hayes J, Bodhani A (2013) Cyber security: small firms under fire (Information Technology Professionalism). Eng Technol 8(6):80–83
Polkowski Z, Dysarz J (2017) It security management in small and medium enterprises. Sci Bull-Econ Sci 16(3):134–148
Twisdale JA (2018) Exploring SME vulnerabilities to cyber-criminal activities through employee behavior and internet access (Doctoral dissertation, Walden University)
Henson R, Garfield J (2016) What attitude changes are needed to cause SMEs to take a strategic approach to information security? Athens J Bus Econ 2(3):303–318
Hills M, Atkinson L (2016) Towards cyber-resilient & sustainable SMES: the case study of added value from a large IT reseller
Santos-Olmo A, Sánchez L, Caballero I, Camacho S, Fernandez-Medina E (2016) The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet 8(3):30
Kluitenberg H (2014) Security risk management in it small and medium enterprises. In: Proceedings of 20th Twente student conference on IT
Fielder A, König S, Panaousis E, Schauer S, Rass S (2018) Risk assessment uncertainties in cybersecurity investments. Games 9(2):34
Topping C (2017) The role of awareness in adoption of government cyber security initiatives: a study of SMEs in the UK
Aldawood H, Skinner G (2018) Educating and raising awareness on cyber security social engineering: a literature review. In: 2018 IEEE international conference on teaching, assessment, and learning for engineering (TALE). IEEE, pp 62–68
Nilsen R, Levy Y, Terrell S, Beyer D (2017) A developmental study on assessing the cybersecurity competency of organizational information system users
Valli C, Martinus IC, Johnstone MN (2014) Small to medium enterprise cyber security awareness: an initial survey of Western Australian business
Kurpjuhn T (2015) The SME security challenge. Comput Fraud Secur 2015(3):5–7. https://doi.org/10.1016/S1361-3723(15)30017-8. Accessed 2 Aug 2021
Tam T, Rao A, Hall J (2021) The good, the bad and the missing: a narrative review of cyber-security implications for Australian small businesses. Comput Secur 109:102385. https://doi.org/10.1016/j.cose.2021.102385. Accessed 2 Aug 2021
Lindström J, Eliasson J, Hermansson A, Blomstedt F, Kyösti P (2018) Cybersecurity level in IPS 2: a case study of two industrial internet-based SME offerings. Procedia CIRP 73:222–227. https://doi.org/10.1016/j.procir.2018.03.302. Accessed 11 Aug 2021
Lloyd G (2020) The business benefits of cyber security for SMEs. Comput Fraud Secur 2020(2):14–17. https://doi.org/10.1016/S1361-3723(20)30019-1. Accessed 18 Aug 2021
Sultan N (2011) Reaching for the “cloud”: How SMEs can manage. Int J Inf Manage 31(3):272–278. https://doi.org/10.1016/j.ijinfomgt.2010.08.001. Accessed 6 Aug 2021
Zelenay J, Balco P, Greguš M (2019) Cloud technologies—solution for secure communication and collaboration. Procedia Comput Sci 151:567–574. https://doi.org/10.1016/j.procs.2019.04.076. Accessed 4 Aug 2021
Nycz M, Martin MJ, Polkowski Z (2015) In: 2015 7th International conference on electronics, computers and artificial intelligence (ECAI). IEEE, Bucharest. https://doi.org/10.1109/ECAI.2015.7301182. Accessed 19 Aug 2021
Nussbaumer N, Liu X (2013) Cloud migration for SMEs in a service oriented approach. In: 2013 IEEE 37th annual computer software and applications conference workshops. IEEE. https://doi.org/10.1109/COMPSACW.2013.71. Accessed 16 Aug 2021
Godfrin (2016) Legal requirements and identifying data security for cloud service. In: 2016 Second international conference on science technology engineering and management (ICONSTEM). Chennai: IEEE. https://doi.org/10.1109/ICONSTEM.2016.7560948. Accessed 19 Aug 2021
Lovrek I, Lovrić T, Lucic DL (2012) Regulatory aspects of cloud computing. In: SoftCOM 2012, 20th international conference on software, telecommunications and computer networks. IEEE. Available at: https://ieeexplore.ieee.org/document/6347661/authors#authors. Accessed 11 Aug 2021
NIST (2018) Framework for Improving Critical Infrastructure Cybersecurity
Owen-Jackson C (2021) How to protect your small business from cyber-threats. Secure Futures. Available at: https://www.kaspersky.com/blog/secure-futures-magazine/small-business-cybersecurity/29177/. Accessed 25 Aug 2021
Gerberding K (2017) NIST, CIS/SANS 20, ISO 27001—simplifying security control assessment
Marco B, De Luca R (2015) Financial distress and earnings manipulation: evidence from Italian SMEs. J Acc Finance. Available at SSRN: https://ssrn.com/abstract=2596295
Raja MSN, Vasudevan AR (2017) Rule generation for TCP SYN flood attack in SIEM Environment. Procedia Comput Sci 115:580–587. https://doi.org/10.1016/j.procs.2017.09.117
Vielberth M, Pernul G (2018) A security information and event management pattern. In: 12th Latin American conference on pattern languages of programs, vol 1, no 1, pp 1–12
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Jahankhani, H., Meda, L.N.K., Samadi, M. (2022). Cybersecurity Challenges in Small and Medium Enterprise (SMEs). In: Jahankhani, H., V. Kilpin, D., Kendzierskyj, S. (eds) Blockchain and Other Emerging Technologies for Digital Business Strategies. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-98225-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-98225-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98224-9
Online ISBN: 978-3-030-98225-6
eBook Packages: Business and ManagementBusiness and Management (R0)