Litcius/Paper detail

It Won’t Happen to Me: Surveying SME Attitudes to Cyber-security

Martin Wilson, Sharon McDonald, Dominic Button, Kenneth McGarry

2022Journal of Computer Information Systems33 citationsDOI

Abstract

We report an online survey of 85 U.K-based SMEs that explored their threat and coping appraisals toward five common types of cyber-attack: Network being hacked; Data being stolen or encrypted; malware infection; mobile devices being compromised; and phishing e-mail attack. Overall, SMEs’ reported assessment of the risk of an attack was low, particularly for the possibility of their business network being hacked or their data being stolen or encrypted. However, there was an incongruence in their Threat Appraisals since, while they believed the risks to be low, they reported that the impact would be high. In terms of Coping Appraisal, respondents indicated that measures to prevent such attacks were both inexpensive and effective. However, their reported self-efficacy was significantly lower for keeping mobile devices safe and avoiding phishing attacks. We discuss these results taking into consideration additional qualitative data and provide recommendations for SME engagement.

Topics & Concepts

PhishingMalwareComputer securityCoping (psychology)Internet privacyEncryptionBusinessComputer sciencePsychologyThe InternetWorld Wide WebClinical psychologyInformation and Cyber SecurityCybercrime and Law Enforcement StudiesSpam and Phishing Detection
It Won’t Happen to Me: Surveying SME Attitudes to Cyber-security | Litcius