Wen Guang Qu,Zhiyong Yang,Zhongming Wang

DOI: https://doi.org/10.1016/j.jbusres.2010.11.023

IF: 11.3

2010-01-01

Journal of Business Research

Abstract:Numerous studies examine potential facilitators and inhibitors of open source software (OSS) adoption at the firm level. This study represents the first attempt to propose and test a multi-level framework, examining the effects of five country-level variables and two under-explored firm-level factors on firm OSS adoption. The findings suggest that a country's uncertainty avoidance orientation has a positive impact on OSS adoption, whereas power distance orientation and economic development have a negative impact on OSS adoption. In addition, uncertainty avoidance at the country level sets boundaries for the effect of firm-level IT-based networks in away that the impact of proprietary IT-based networks becomes stronger, but that of open IT-based networks becomes weaker when uncertainty avoidance is high rather than low. The study also develops public policy implications from these findings.

Kholekile L. Gwebu,Jing Wang

DOI: https://doi.org/10.1016/j.dss.2010.12.010

IF: 6.969

2010-01-01

Decision Support Systems

Abstract:While the benefits of incorporating Open Source Software (OSS) into personal and organizational systems have been widely touted, OSS must be adopted and used by end users before these benefits can be realized. Drawing on research in information systems and sociology, this study develops and evaluates an integrated model for the acceptance of OSS. In addition to the traditional technology adoption variables the findings stress the importance of social identification as a key driver of OSS adoption. The proposed model provides a useful decision support tool for assessing and proactively designing interventions targeted at successful OSS adoption and diffusion.

Robert D Macredie,Kabiru Mijinyawa

DOI: https://doi.org/10.1057/ejis.2010.60

2011-03-01

European Journal of Information Systems

Abstract:The increasing popularity and use of Open Source Software (OSS) has led to significant interest from research communities and enterprise practitioners, notably in the small business sector where this type of software offers particular benefits given the financial and human capital constraints faced. However, there has been little focus on developing valid frameworks that enable critical evaluation and common understanding of factors influencing OSS adoption. This paper seeks to address this shortcoming by presenting a theory-grounded framework for exploring these factors and explaining their influence on OSS adoption, with the context of study being small- to medium-sized Information Technology (IT) businesses in the U.K. The framework has implications for this type of business – and, we will suggest, more widely – as a frame of reference for understanding, and as tool for evaluating benefits and challenges in, OSS adoption. It also offers researchers a structured way of investigating adoption issues and a base from which to develop models of OSS adoption. The study reported in this paper used the Decomposed Theory of Planned Behaviour (DTPB) as a basis for the research propositions, with the aim of: (i) developing a framework of empirical factors that influence OSS adoption; and (ii) appraising it through case study evaluation with 10 U.K. Small- to medium-sized enterprises in the IT sector. The demonstration of the capabilities of the framework suggests that it is able to provide a reliable explanation of the complex and subjective factors that influence attitudes, subjective norms and control over the use of OSS. The paper further argues that the DTPB proved useful in this research area and that it can provide a variety of situation-specific insights related to factors that influence the adoption of OSS.

information science & library science,management,computer science, information systems

Y. Valdés-Rodríguez,J. Hochstetter-Diez,M. Diéguez-Rebolledo,A. Bustamante-Mora,R. Cadena-Martínez,Yolanda Valdés-Rodríguez,Jorge Hochstetter-Diez,Mauricio Diéguez-Rebolledo,Ana Bustamante-Mora,Rodrigo Cadena-Martínez

DOI: https://doi.org/10.1109/access.2024.3372385

IF: 3.9

2024-03-12

IEEE Access

Abstract:Incorporating security into software development in small and medium-sized enterprises (SMEs) is an increasingly relevant challenge and a crucial necessity, especially in an uncertain and fast-paced environment like that of an agile setting. Given the growing threat of cyberattacks, it is imperative to address this issue. This article examines and subsequently analyzes existing strategies in the literature regarding secure software development in the context of SMEs employing agile methodologies. The study initiates a systematic literature review to identify strategies employed in this context. The findings reveal that 57.9% of the studies present strategies to tackle security in agile software development, with 20.2% specifically focusing on SMEs. Subsequently, practices demonstrating success in integrating security measures into the software development lifecycle (SDLC) are analyzed and categorized. The results underscore the necessity of addressing security in the agile environment, as it remains a significant challenge in software development. Effective approaches are also required for small businesses to ensure application protection and long-term sustainability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tahereh Hasani,Norman O’Reilly,Ali Dehghantanha,Davar Rezania,Nadège Levallet

DOI: https://doi.org/10.1007/s43546-023-00477-6

2023-04-27

SN Business & Economics

Abstract:Cyberattacks negatively impact the performance of enterprises all around the globe. While organizations invest more in cybersecurity to avoid cyberattacks, studies on the factors affecting their overall cybersecurity adoption and awareness are sparse. In this paper, by integrating the diffusion of innovation theory (DOI), technology acceptance model (TAM), and technology-organization-environment (TOE) with the balanced scorecard approach, we propose a comprehensive set of factors that influence cybersecurity adoption and assess the effects of these factors on organizational performance. Data are collected through a survey of IT experts in small and medium-sized enterprises (SMEs) in the United Kingdom, with 147 valid responses. Structural equation modeling based on a statistical package for the social sciences (SPSS) was used to assess the model. The findings identify and confirm the importance of eight factors affecting SMEs' cybersecurity adoption. Moreover, cybersecurity technology adoption is found to positively impacts organizational performance. The proposed framework depicts variables influencing cybersecurity technology adoption and assesses their importance. The outcomes of this study provide a basis for future research and can be adopted by IT and cybersecurity managers to identify the most appropriate cybersecurity technologies that positively impact their company's performance.

Ding-Long Huang,Pei-Luen Patrick Rau,Gavriel Salvendy,Fei Gao,Jia Zhou

DOI: https://doi.org/10.1016/j.ijhcs.2011.07.007

IF: 4.866

2011-01-01

International Journal of Human-Computer Studies

Abstract:The gap between the perceived security of an information system and its real security level can influence people' decisions and behavior. The objective of this study is to find effective ways to adjust people's perception of information security, in order to enhance their intention to adopt IT appliances and compliance to security practices. Two separate experiments were conducted. In experiment I, 64 participants were asked to transfer money through an e-banking system. Their intention to adopt e-banking was measured by a questionnaire. In experiment II, 64 participants were asked to register on an online forum. Their subjective intention to create a strong password was measured by a questionnaire, and the objective strength of the passwords they created was calculated. Results of the ANOVA and the path models derived from the path analysis indicated that people's adoption intention, such as their intention to adopt e-banking, can be enhanced by changing their perceived Knowledge, Controllability and Awareness, while changing the perceived Controllability is most effective. The results also indicated that people's compliance to security practices, such as setting strong passwords for IT systems, can be enhanced by changing their perceived Knowledge, Severity and Possibility, while changing their perceived Knowledge and Severity is most effective. Implications for further research and practice were also discussed.

James Y.L. Thong

DOI: https://doi.org/10.1080/07421222.1999.11518227

IF: 7.582

1999-03-01

Journal of Management Information Systems

Abstract:Based on theories from the technological innovation literature, this study develops an integrated model of infonnation systems (IS) adoption in small businesses. The model specifies contextual variables such as decision-maker characteristics, IS characteristics, organizational characteristics, and environmental characteristics as primary detenninants oflS adoption in small businesses. A questionnaire survey was conducted in 166 small businesses. Data analysis shows that small businesses with certain CEO characteristics (innovativeness and level of IS knowledge), innovation characteristics (relative advantage, compatibility, and complexity of IS), and organizational characteristics (business size and level of employees’ IS knowledge) are more likely to adopt IS. While CEO and innovation characteristics are important detenninants of the decision to adopt, they do not affect the extent of IS adoption. The extent of IS adoption is mainly detennined by organizational characteristics. Finally, the environmental characteristic of competition has no direct effect on small business adoption of lS.

information science & library science,management,computer science, information systems

G.A.N. Darshi

DOI: https://doi.org/10.4038/sljer.v7i1.41

2019-12-01

Sri Lanka Journal of Economic Research

Abstract:Computerized Accounting System (CAS) plays a prominent role in providing information accurately and quickly to meet the challenges of the ever-changing business environment. Developing countries, however, struggle and are reluctant towards adopting CAS in SMEs. In Sri Lanka whereas an emerging economy is existing, a few studies have attempted to study the reticence of adopting CAS in SME sector. SME sector is vital in developing economy as it generates employment, promotes the growth of Gross Domestic Product (GDP) and stimulates other economic activities. Even though SMEs engender many benefits, their persistence is threatened and need strategies to overwhelm the challenges in the competitive business environment in emerging economies. In line with the previous studies focused on the technological revolution and SMEs in developing countries, research findings reveal that SMEs have a poor accounting system and slower in using new technology. According to them, one key strategy is accountability via sound reporting practices. The study, therefore, examines the factors which affect to the adoption of CAS in SMEs in Sri Lanka. According to the literature, the various factors were identified and broadly classified under different categories. In this study, four factors are included in the research model as managers’ support, perceived usefulness, ability of bearing the cost and human resource proficiency. This study was conducted through the structured questionnaire survey method. Data was collected from 118 SMEs representing manufacturing, trading and services sectors in Matara District, Sri Lanka. The study used Partial Least Squares (PLS) path modeling to analyze the collected data. The study results disclosed that manager’s support and firm’s ability of bearing the cost have a positive and statistically significant relationship with adoption of CAS in SMEs. As per survey results, it has confirmed that there is a positive relationship between perceived usefulness and HR proficiency on adoption of CAS but it is not statistically significant.

Wei-Wen Wu,Lawrence W. Lan,Yu-Ting Lee

DOI: https://doi.org/10.1016/j.ijinfomgt.2011.02.007

IF: 18.958

2011-12-01

International Journal of Information Management

Abstract:Software as a Service (SaaS) is regarded as a favorable solution to enhance a modern organization's IT performance and competitiveness; however, many organizations may still be reluctant to introduce SaaS solutions mainly because of the trust concern—they may perceive more risks than benefits. This paper presumes that an organization will augment the trust of adopting SaaS solutions when perceived risks decrease and/or perceived benefits increase. To gain insights into this issue, a solution framework using a modified Decision Making Trial and Evaluation Laboratory (DEMATEL) approach is proposed. The core logic is to treat perceived benefits and perceived risks as two distinct themes so that a visible cause–effect diagram can be developed to facilitate the decision makers. A case study is conducted on a Taiwanese company—one of the world's leading manufacturers in the niche and specialized resistor markets. The findings suggest that the case company concern more about strategic-oriented benefits than economic-oriented benefits and more about subjective risks than technical risks. Some implications are addressed accordingly.

information science & library science

Kelechi G. Kalu,Tanya Singla,Chinenye Okafor,Santiago Torres-Arias,James C. Davis

2024-06-12

Abstract:Many software products are composed by the recursive integration of components from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain provenance, many cybersecurity frameworks, standards, and regulations recommend the use of software signing. However, recent surveys and measurement studies have found that the adoption rate and quality of software signatures are low. These findings raise questions about the practical application of software signing, the human factors influencing its adoption, and the challenges faced during its implementation. We lack in-depth industry perspectives on the challenges and practices of software signing. To understand software signing in practice, we interviewed 18 high-ranking industry practitioners across 13 organizations. We provide possible impacts of experienced software supply chain failures, security standards, and regulations on software signing adoption. We also study the challenges that affect an effective software signing implementation. To summarize our findings: (1) We present a refined model of the software supply chain factory model highlighting practitioner's signing practices; (2) We highlight the different challenges -- Technical, Organizational, and Human -- that hamper software signing implementation; (3) We report that expert subjects disagree on the importance of signing; (4) We describe how failure incidents and industry standards affect the adoption of software signing and other security techniques. Our findings contribute to the understanding of software supply chain security by highlighting the impact of human and organizational factors on Software Supply Chain risks and providing nuanced insights for effectively implementing Software Supply Chain security controls -- towards Software signing in practice.

Software Engineering,Cryptography and Security

Mumtaz Abdul Hameed,Nalin Asanka Gamagedara Arachchilage

DOI: https://doi.org/10.48550/arXiv.1904.08229

2019-04-16

Cryptography and Security

Abstract:A number of determinants predict the adoption of Information Systems (IS) security innovations. Amongst, perceived vulnerability of IS security threats has been examined in a number of past explorations. In this research, we examined the processes pursued in analysing the relationship between perceived vulnerability of IS security threats and the adoption of IS security innovations. The study uses Systematic Literature Review (SLR) method to evaluate the practice involved in examining perceived vulnerability on IS security innovation adoption. The SLR findings revealed the appropriateness of the existing empirical investigations of the relationship between perceived vulnerability of IS security threats on IS security innovation adoption. Furthermore, the SLR results confirmed that individuals who perceives vulnerable to an IS security threat are more likely to engage in the adoption an IS security innovation. In addition, the study validates the past studies on the relationship between perceived vulnerability and IS security innovation adoption.

Gabriel Nyame,Zhiguang Qin,Ernest Kwame Ampomah

DOI: https://doi.org/10.3233/hsm-211227

2022-01-01

Human Systems Management

Abstract:BACKGROUND: Knowledge is a source of competitive and strategic resource for many small- and medium-sized enterprises (SMEs). Securing knowledge assets through secured knowledge management systems (KMS) is a critical concern among SMEs. Due to the socio-technical nature of KMS, the security quality of KMS is an influential factor in KMS adoption by SMEs. OBJECTIVE: This study examines the effects of the security quality of KMS and the task-technology fit on KMS adoption among SMEs in Ghana. It further investigates whether or not the security quality of KMS affects the ease of use of KMS among SMEs. METHODS: Using a structured questionnaire, data were gathered from 281 IT professionals from 67 SMEs in Ghana. We used the technology acceptance model (TAM) to find out how security quality and task-technology fit (TTF) affect users’ acceptance of KMS. To facilitate the data collection process and to strictly focus on small and medium-sized enterprises, we excluded enterprises having 100 or more employees. The analyses used for this study focused on the key constructs and they included correlation, factor analysis, and multiple regression analysis. RESULTS: The study found that both perceived ease of use and perceived usefulness influence users’ behavioral intention to accept KMS. Perceived ease of use has a positive relationship with perceived usefulness. Also, the security quality of KMS was found to affect both perceived usefulness and perceived ease of use. However, the effect of the relationship between the security quality of KMS and perceived ease of use is higher when moderated by TTF. CONCLUSIONS: The security quality of KMS is fundamental to strengthening knowledge as a source of competitive advantage for most enterprises. It is important for managers to recognize security quality as an opportunity rather than a threat to advance and sustain their competitiveness as well as ensuring knowledge-sharing success.

Suvini Rasaputhra,Virasha Peiris,Reshika Magallagoda,Chatil Panditasekara,Krishantha Wisenthige,Nipunee Jayasuriya

DOI: https://doi.org/10.1108/jsbed-09-2023-0420

2024-02-25

Journal of Small Business and Enterprise Development

Abstract:Purpose In today's business world, adopting social commerce for day-to-day operations has increasingly become an important phenomenon. Several factors have been identified by previous researchers regarding the adoption of social commerce, but academic research is scarce on the relationship between the factors influencing social commerce adoption and small and medium-sized enterprises (SMEs) in the post-COVID-19 situation. This study aims to identify the impact of technological, environmental and entrepreneurial factors on the adoption of social commerce by SMEs in Sri Lanka. Design/methodology/approach A quantitative study utilised the deductive approach and collected data through a field survey by distributing a five-point Likert scale questionnaire to conveniently selected respondents from Sri Lankan SMEs. Structural equation modelling (SEM) was used for the analysis of 384 responses. Findings The results revealed that technological factors [technology availability (TA) and cost-effectiveness (CE)], environmental factors [bandwagon effect (BE)] and entrepreneurial factors [attitude (AT), innovativeness (IN) and IT knowledge (IK)] have a significant impact on the social commerce adoption of SMEs in Sri Lanka. This study, as the first of its type, offers insightful information on the influence of variables on the adoption of social commerce after the COVID-19 pandemic. Research limitations/implications Similar to any research, this study also has inherent limitations. Due to time and financial restrictions, the study's convenience sampling method was adopted. The study's possible limitation is its narrow focus, which could mean that it only examines a select few social media (SM) networks. The study's conclusions might be less generalised since it focused on the western province of Sri Lanka. Future studies should take a cross-cultural strategy to explore the influence of social commerce adoption to improve the generalisability of research findings. Practical implications This study provides an in-depth assessment of critical factors, facilitating policymakers, owners, leaders and managers (decision-makers) to gain insight into the real influencing factors on social commerce adoption and the significance of SM. The study helps them comprehend how outstanding governance and knowledge of influencing factors can boost SME success in various ways. For example, research reveals that various factors have a major influence on social commerce adoption. Social implications There has been limited research conducted on social commerce adoption after the COVID-19 pandemic period; thus, this study looked at the variables influencing it amongst SMEs in a South Asian developing country like Sri Lanka after the pandemic lasted for two years. By placing a strong emphasis on the role of entrepreneurial characteristics and the available technology within one single framework in the context of SMEs and their involvement with social commerce adoption, this study contributes to the past literature by emphasising the role of several significant factors in SMEs' adoption of social commerce. Whilst previous studies looked at multiple factors influencing the adoption of social commerce globally, this study focussed on how these factors have a significant impact on SMEs in Sri Lanka. Originality/value This study developed a multi-perspective framework combining technological, environmental and entrepreneurial factors influencing SMEs to adopt social commerce. The study provides a contribution to the literature on social commerce adoption from the perspective of SMEs in a developing country like Sri Lanka after COVID-19. Exclusively, it examines the impact of entrepreneur-related factors on social commerce adoption.

Vineet Paliwal,Shalini Chandra,Suneel Sharma

DOI: https://doi.org/10.3390/su16198527

IF: 3.9

2024-10-01

Sustainability

Abstract:This study explores the determinants of the intention to adopt blockchain technology for sustainable supply chain management in Indian micro, small, and medium enterprises. Different from existing studies that advocate the use of socio-technical theory for blockchain technologies, we develop a new theoretical framework, called "SOS," based on a review of the existing literature. This is an adaptation of the technology–organization–environment framework that examines the measures and scales from socio-technical, organizational, and sustainability contexts. We use ADANCO 2.3.2 for variance-based structural equation modeling. The results show that two of the nine hypotheses are negatively significant, while the rest are positive. In our context, social sustainability and computer self-efficacy are strongly negatively significant for the adoption intention of blockchain technology in our context. Software quality and environmental sustainability are strongly positively significant. Meanwhile, collaboration, economic sustainability, and relative advantage mediated by experience are positively significant. Our study contributes to the literature by offering a new theoretical framework, fresh insights from the Indian industry, and several recommendations to practitioners.

environmental sciences,environmental studies,green & sustainable science & technology

Alireza Shojaifar,Samuel A. Fricker

DOI: https://doi.org/10.48550/arXiv.2007.06308

2020-07-13

Computers and Society

Abstract:Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22

Olaitan Olutoyin,Stephen Flowerday

DOI: https://doi.org/10.4102/sajim.v18i1.696

2016-05-13

SA Journal of Information Management

Abstract:Background: Small and medium-sized enterprises (SMEs) are the bedrock of most economies of the world. Due to global competition, SMEs are making significant investments in information technology (IT) to improve their business processes. However, a study of extant literature on the subject of IT governance in SMEs has highlighted the fact that the implementation of structural controls to enable effective IT governance is often difficult, resulting in project failures and loss of income.Objectives: This paper seeks to examine ways by which SMEs can successfully adapt a suitable IT governance framework to manage its IT investments.Method: A content analysis of extant literature was done in this paper. The Technology–Organisation–Environment theory forms the theoretical basis of the proposed key pillars for an SME to evaluate its capability to embark on an IT governance initiative in order to obtain the desired results.Results: From the content analysis of relevant literature, the paper proposed three key pillars which should be in place before an SME adapts any IT governance framework to manage its IT investments. The key pillars are considered an important link between strategic IT governance plans and measurable successful outcomes.Conclusion: It was concluded that an SME would be better positioned for successful IT governance if it were to conduct a careful analysis of the components of these key pillars before embarking on the implementation of any IT governance framework.

English Else

Amir Hamzah,Dadang Suhendar,Agus Zainul Arifin

DOI: https://doi.org/10.24912/ja.v27i3.1520

2023-09-08

Jurnal Akuntansi

Abstract:This study aims to analyze the factors influencing the adoption of Cloud Accounting for SMEs. The sample size in this research is 276 respondents. The research method used is quantitative, where hypotheses are tested, and data is analyzedanalyzed using Smart PLS 3.00. The results of the study indicate that Complexity, Security, Top Management Support, Adequate Resources, Competitive Pressure, Pressure from Trading Partners, Coercive Pressure, Government Support, and Provider Support significantly influence the adoption of cloud accounting. On the other hand, Compatibility, Relative Advantage, and IT Competence do not significantly affect the adoption of cloud accounting.

Ravi Seethamraju

DOI: https://doi.org/10.1007/s10796-014-9506-5

2014-05-27

Information Systems Frontiers

Abstract:Enterprise Resource Planning (ERP) systems are now offered on the cloud under the Software as a Service (SaaS) model. For small and medium sized enterprises (SMEs), this is considered the best opportunity to take advantage of the capabilities of an ERP system without the investment and management costs associated with the on-premise model. Using a cross-sectional field study conducted across four case study organizations, this study investigated the determinants and challenges in the adoption of SaaS ERP systems by SMEs. The study found that the determining factors in deciding to adopt SaaS ERP are software vendor’s reputation in the market, software fit to the business, the potential willingness of the vendor to support the customer throughout the product life cycle, the vendor’s participation in co-creation of value for customers and the generic benefits of implementing an integrated ERP system. With switching considered a costly option, accounting shift of capital costs to operating expenses is considered advantageous by firms. Competitive pressures faced by the enterprise, external factors, concerns about data security and system performance have no influence on adoption decision, according to this study. Change management and increasing the effectiveness of use are challenges, but the willingness of the software vendor to work with organizations’ requests for changes and improvements and the continuous co-creation of value through improved product offerings is reassuring to the firms in the post-implementation phase.

computer science, information systems, theory & methods

Emmanuel Bruce,Zhao Shurong,Du Ying,Meng Yaqi,John Amoah,Sulemana Bankuoru Egala

DOI: https://doi.org/10.3390/su15064760

IF: 3.9

2023-03-08

Sustainability

Abstract:Online presence is fast becoming a marketing hub for contemporary businesses. Often known as digital marketing, the phenomenon offers several opportunities to businesses. Small and medium enterprises (SMEs) are using their online presence to launch stern competitive promotions and interact with consumers. Against the backdrop of the stern competition, digital marketing is being utilized to drive sustainable strategies for SMEs. This study leverages the theory of planned behavior to explore the impact of digital marketing adoption on the sustainable growth of SMEs in Ghana. Using a structured questionnaire and SmartPLS version 3.3 for the data analysis, 533 owners/managers of SMEs in Ghana were drawn to administer the questionnaire. Our findings suggest that, while attitudes toward digital marketing did not influence the intention to use digital marketing, perceived behavior control and subjective norms were found to affect individuals' intentions to use digital marketing. Additionally, the results proved a direct positive link between subjective norms and actual behavioral use of digital marketing. Finally, the relationship between the actual use of digital marketing and SMEs' sustainable growth was also proven positive, affirming that digital marketing significantly improved the sustainable growth of SMEs in developing countries. This study contributes to the multiplicity of factors that influence the behavioral tendencies of managers of firms in their quest to adopt digital platforms to enhance their sustainable growth. The study's results serve as guidelines for prospective adopters of digital platforms as they develop their sustainability strategies.

environmental sciences,environmental studies,green & sustainable science & technology

Alladean Chidukwani,Sebastian Zander,Polychronis Koutsakis

DOI: https://doi.org/10.1109/access.2022.3197899

IF: 3.9

2022-09-04

IEEE Access

Abstract:Small-to-medium sized businesses (SMBs) constitute a large fraction of many countries' economies but according to the literature SMBs are not adequately implementing cyber security which leaves them susceptible to cyber-attacks. Furthermore, research in cyber security is rarely focused on SMBs, despite them representing a large proportion of businesses. In this paper we review recent research on the cyber security of SMBs, with a focus on the alignment of this research to the popular NIST Cyber Security Framework (CSF). From the literature we also summarise the key challenges SMBs face in implementing good cyber security and conclude with key recommendations on how to implement good cyber security. We find that research in SMB cyber security is mainly qualitative analysis and narrowly focused on the Identify and Protect functions of the NIST CSF with very little work on the other existing functions. SMBs should have the ability to detect, respond and recover from cyber-attacks, and if research lacks in those areas, then SMBs may have little guidance on how to act. Future research in SMB cyber security should be more balanced and researchers should adopt well-established powerful quantitative research approaches to refine and test research whilst governments and academia are urged to invest in incentivising researchers to expand their research focus.