An SME-specific cyber situational awareness model to predict the implementation of cyber security controls and precautions

Renaud, Karen and Ophoff, Jacques (2021) An SME-specific cyber situational awareness model to predict the implementation of cyber security controls and precautions. Organizational Cyber Security. ISSN 2635-0289 (In Press)

[thumbnail of Renaud-Ophoff-OCS-2021-An-SME-specific-cyber-situational-awareness-model-to-predict-the-implementation] Text. Filename: Renaud_Ophoff_OCS_2021_An_SME_specific_cyber_situational_awareness_model_to_predict_the_implementation.pdf
Accepted Author Manuscript
Restricted to Repository staff only until 18 June 2022.

Download (742kB) | Request a copy

Abstract

There is widespread concern about the fact that small and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyber attacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions. In this paper, we extend Endsley's theory of situation awareness to propose a model of SMEs' cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. We collected empirical data through an online survey of 361 UK-based SMEs, subsequently using Partial Least Squares Structural Equation Modelling to validate our model. The results show that heightened situational awareness, as well as resource availability, significantly impacts SMEs' implementation of cyber precautions and controls. We report on our findings and make recommendations that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.

ORCID iDs

Renaud, Karen ORCID logoORCID: https://orcid.org/0000-0002-7187-6531 and Ophoff, Jacques;