I Just Want to Help: SMEs Engaging with Cybersecurity Technology

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Abstract

The cybersecurity landscape is particularly challenging for SMEs. On the one hand, they must comply with regulation or face legal sanction. But on the other, they may not have the resource or expertise to ensure regulatory compliance, especially since this is not their core business. At the same time, it is also well-attested in the literature that individuals (human actors in the ecosystem) are often targeted for cyber attacks. SMEs must therefore consider not only their employees but also their clients as potential risks regarding cybersecurity. Finally, it is also known that SMEs working together as part of a single supply chain are reluctant to share cybersecurity status and information. Given all of these challenges, assuming SMEs recognise their responsibility for security, they may be overwhelmed in trying to meet all the associated requirements. There are tools to help support them, of course, assuming they are motivated to engage with such tooling. This paper looks at the following aspects of this overall situation. In a set of four studies, we assess private citizen understanding of cybersecurity and who they believe to be responsible. On that basis, we then consider their attitude to sharing data with service providers. Moving to SMEs, we provide a general overview of their response to the cybersecurity landscape. Finally, we ask four SMEs across different sectors how they respond to cybersecurity tooling. As well as providing an increased understanding of private citizen and SME attitudes to cybersecurity, we conclude that SMEs need not be overwhelmed by their responsibilities. On the contrary, they can take the opportunity to innovate based on their experience with cybersecurity tools.

This work was supported by the EU H2020 project CyberKit4SME (Grant agreement: 883188).

Author information

Corresponding author

Correspondence to Brian Pickering.

Ethics declarations

Ethics

The various studies reported here were provided separate approval from the Faculty of Engineering and Physical Sciences (FEPS) Research Ethics Committee at the University of Science. The reference numbers are shown in the final column of Table 1 above.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Pickering, B., Phillips, S.C., Erdogan, G. (2023). I Just Want to Help: SMEs Engaging with Cybersecurity Technology. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_23

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer Science (R0)
