I just want to help: SMEs engaging with cybersecurity technology
I just want to help: SMEs engaging with cybersecurity technology
The cybersecurity landscape is particularly challenging for SMEs. On the one hand, they must comply with regulation or face legal sanction. But on the other, they may not have the resource or expertise to ensure regulatory compliance, especially since this is not their core business. At the same time, it is also well-attested in the literature that individuals (human actors in the ecosystem) are often targeted for cyber attacks. So, SMEs must also consider their employees but also their clients as potential risks regarding cybersecurity. Finally, it is also known that SMEs working together as part of a single supply chain are reluctant to share cybersecurity status and information. Given all of these challenges, assuming SMEs recognise their responsibility for security, they may be overwhelmed in trying to meet all the associated requirements. There are tools to help support them, of course, assuming they are motivated to engage with such tooling. This paper looks at the following aspects of this overall situation. In a set of four studies, we assess private citizen understanding of cybersecurity and who they believe to be responsible. On that basis, we then consider their attitude to sharing data with service providers. Moving to SMEs, we provide a general overview of their response to the cybersecurity landscape. Finally, we ask four SMEs across different sectors how they respond to cybersecurity tooling. As well as providing an increased understanding of private citizen and SME attitudes to cybersecurity, we conclude that SMEs need not be overwhelmed by their responsibilities. On the contrary, they can take the opportunity to innovate based on their experience with cybersecurity tools.
Awareness, Cybersecurity, Innovation, Mixed Methods, SME, Secure System Modelling, Self-Efficacy, Training
338–352
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Phillips, Stephen C.
47610c30-a543-4bac-a96a-bc1fce564a59
Erdogan, Gencer
69592e1c-0772-4eca-b3b4-f41b8bf080bc
24 June 2023
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Phillips, Stephen C.
47610c30-a543-4bac-a96a-bc1fce564a59
Erdogan, Gencer
69592e1c-0772-4eca-b3b4-f41b8bf080bc
Pickering, Brian, Phillips, Stephen C. and Erdogan, Gencer
(2023)
I just want to help: SMEs engaging with cybersecurity technology.
Moallem, Abbas
(ed.)
In HCI for Cybersecurity, Privacy and Trust: 5th International Conference, HCI-CPT 2023, Held as Part of the 25th HCI International Conference, HCII 2023, Copenhagen, Denmark, July 23–28, 2023, Proceedings.
vol. 14045,
Springer Cham.
.
(doi:10.1007/978-3-031-35822-7_23).
Record type:
Conference or Workshop Item
(Paper)
Abstract
The cybersecurity landscape is particularly challenging for SMEs. On the one hand, they must comply with regulation or face legal sanction. But on the other, they may not have the resource or expertise to ensure regulatory compliance, especially since this is not their core business. At the same time, it is also well-attested in the literature that individuals (human actors in the ecosystem) are often targeted for cyber attacks. So, SMEs must also consider their employees but also their clients as potential risks regarding cybersecurity. Finally, it is also known that SMEs working together as part of a single supply chain are reluctant to share cybersecurity status and information. Given all of these challenges, assuming SMEs recognise their responsibility for security, they may be overwhelmed in trying to meet all the associated requirements. There are tools to help support them, of course, assuming they are motivated to engage with such tooling. This paper looks at the following aspects of this overall situation. In a set of four studies, we assess private citizen understanding of cybersecurity and who they believe to be responsible. On that basis, we then consider their attitude to sharing data with service providers. Moving to SMEs, we provide a general overview of their response to the cybersecurity landscape. Finally, we ask four SMEs across different sectors how they respond to cybersecurity tooling. As well as providing an increased understanding of private citizen and SME attitudes to cybersecurity, we conclude that SMEs need not be overwhelmed by their responsibilities. On the contrary, they can take the opportunity to innovate based on their experience with cybersecurity tools.
This record has no associated files available for download.
More information
Published date: 24 June 2023
Additional Information:
Funding Information: this work was supported by the EU H2020 project CyberKit4SME (Grant agreement: 883188).
Venue - Dates:
25<sup>th</sup> International Conference on Human-Computer Interaction, AC Bella Sky Hotel and Bella Center, Copenhagen, Denmark, 2023-07-23 - 2023-07-28
Keywords:
Awareness, Cybersecurity, Innovation, Mixed Methods, SME, Secure System Modelling, Self-Efficacy, Training
Identifiers
Local EPrints ID: 477831
URI: http://eprints.soton.ac.uk/id/eprint/477831
ISSN: 0302-9743
PURE UUID: 51817057-bfd4-4c5a-bc49-8645875eeb56
Catalogue record
Date deposited: 15 Jun 2023 16:48
Last modified: 18 Mar 2024 03:17
Export record
Altmetrics
Contributors
Author:
Stephen C. Phillips
Author:
Gencer Erdogan
Editor:
Abbas Moallem
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics