Prioritising social engineering risk reduction measures for UK-based small and medium-sized enterprises

Renaud, Karen and van der Schyff, Karl and Brydon, Humphrey and Ophoff, Jacques (2025) Prioritising social engineering risk reduction measures for UK-based small and medium-sized enterprises. In: International Conference on Computer Science, Cybersecurity and Information Technology, 2025-11-03 - 2025-11-04, Cape Town.

Text. Filename: Renaud-etal-ICCSCIT-2025-Prioritising-social-engineering-risk-reduction-measures.pdf
Accepted Author Manuscript
License: Strathprints license 1.0


Abstract

The field of cybersecurity devotes time and effort to raising awareness of threats and measures to be implemented to reduce the risks. It is difficult for organisations, especially small ones with limited resources, to implement all possible threat mitigation measures. They have to satisfice by implementing only the measures they can afford and those that make the biggest impact in terms of reducing their vulnerability. Unfortunately, there is limited evidence to support such prioritisation. We explored the prevalence of threats and the relative efficacy of a range of commonly implemented measures that mitigate the most pervasive of these. First, to explore prevalence, we consulted industry and government reports. Second, to explore mitigations, we analysed data gathered by the UK government on the cost and impact of cyberattacks on businesses, charities, and educational institutions, as well as the risk mitigation measures they take (n = 3991). Social engineering was identified as the most common UK threat vector, and the most effective mitigations to social engineering were (1) National Cybersecurity Centre’s Cyber Essentials (standard) certification and (2) up-to-date malware protection. These findings can inform small businesses' prioritisation of threat mitigation measures.

ORCID iDs

Renaud, Karen (ORCID: https://orcid.org/0000-0002-7187-6531), van der Schyff, Karl, Brydon, Humphrey and Ophoff, Jacques