Small and medium-sized enterprises (SMEs) share many of the same cyber security needs and challenges as larger organisations but often have significantly less knowledge and capability to deal with them. A fundamental initial issue can be locating relevant information, with the natural route for SMEs seeking and referring to related guidance found online. This can be challenging considering the volume and variety of sources that can consequently be located. This paper aims to explore the barriers to cyber security adoption faced by SMEs potentially stemming from the coverage, completeness and clarity of online guidance documents.
An assessment of over 30 UK-based guidance sources with two subsequent semi-structured interview-based studies with 24 participants (12 providers and 12 SMEs).
Results from the assessment reveal that there is significant diversity in the materials that SMEs may be presented with, potentially leading to inconsistent and ill-informed decision-making and confusion. Findings from subsequent interviews highlight the impact of guidance-related vectors when implementing advice. These aspects are exacerbated by SMEs’ reactive needs, internal limitations and awareness of cyber security – hindering their ability to act competently in the context of cyber security.
This contributes to a limited amount of research of how SMEs seek support for cyber security and the effectiveness and impact of online guidance. It also explores this theme from the viewpoint of SMEs and providers in tandem to offer a deeper understanding of security adoption through their lived experiences.
