Towards Cybersecurity Risk Management Investment: A Proposed Encouragement Factors Framework for SMEs

Abstract

Disregarding cybersecurity risk management by SME decision-makers became a phenomenon that needs to be studied. Specifically, the lack of cybersecurity risk management investments, which will lead to further risks. The Covid-19 pandemic has proven how the seriousness of cybersecurity threats could increase dramatically in a short period. The authors attempt to detect the role of SMEs' decision-makers in addressing cybersecurity risks nowadays and to suggest avenues for further studies. This paper aims to find out the encouragement factors and how they positively impact cybersecurity risk management investment in SMEs based on conducting several interviews with decision-makers in the sector. The results reveal that eight factors are playing a major role in encouraging SMEs' decision-makers to invest in cybersecurity risk management as a strategic priority. These encouragement factors have been categorised as follows technological context, organizational context, and environmental context. Importantly, a proposed framework of these factors has been discussed widely in order to illustrate expected returns of this investment on the SMEs' sector in the long term. Meaningfully, this research contributes to the financial cybersecurity risk management literature with new insight into the current cybersecurity risk management investment situation in SMEs.