TY - JOUR
T1 - A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises
AU - Chaudhary, Sunil
AU - Gkioulos, Vasileios
AU - Katsikas, Sokratis
N1 - Funding Information:
This work was financially supported by the CyberSec4Europe, Belgium project (Proposal No. 830929 ). This paper is an extended and revised version of the deliverable report D9.6 SME cybersecurity awareness program 1 [1] from CyberSec4Europe’s WP9: Dissemination, Outreach, Spreading of Competence, Raising Awareness.
Publisher Copyright:
© 2023 The Author(s)
PY - 2023/11/1
Y1 - 2023/11/1
N2 - The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cybersecurity programs in place; the situation with small and medium-sized enterprises (SMEs) is different since they often lack the resources, expertise, and incentives to prioritize cybersecurity. In such cases, cybersecurity awareness can be a critical component of cyberdefense. However, research studies dealing with cybersecurity awareness or related domains exclusively for SMEs are rare, indicating a pressing need for research addressing the cybersecurity awareness requirements of SMEs. Prior to that, though, it is crucial to identify which aspects of cybersecurity awareness require further research in order to adapt or conform to the needs of SMEs. In this study, we conducted a systematic literature review that focused on cybersecurity awareness, prioritizing those performed with a particular focus on SMEs. The study seeks to analyze and evaluate such studies primarily to determine knowledge and research gaps in the cybersecurity awareness field for SMEs, thus providing a direction for future research.
AB - The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cybersecurity programs in place; the situation with small and medium-sized enterprises (SMEs) is different since they often lack the resources, expertise, and incentives to prioritize cybersecurity. In such cases, cybersecurity awareness can be a critical component of cyberdefense. However, research studies dealing with cybersecurity awareness or related domains exclusively for SMEs are rare, indicating a pressing need for research addressing the cybersecurity awareness requirements of SMEs. Prior to that, though, it is crucial to identify which aspects of cybersecurity awareness require further research in order to adapt or conform to the needs of SMEs. In this study, we conducted a systematic literature review that focused on cybersecurity awareness, prioritizing those performed with a particular focus on SMEs. The study seeks to analyze and evaluate such studies primarily to determine knowledge and research gaps in the cybersecurity awareness field for SMEs, thus providing a direction for future research.
KW - cybersecurity awareness
KW - research and knowledge gaps
KW - small and medium-sized enterprises
KW - systematic literature review
U2 - 10.1016/j.cosrev.2023.100592
DO - 10.1016/j.cosrev.2023.100592
M3 - (Systematic) Review article
SN - 1574-0137
VL - 50
JO - Computer Science Review
JF - Computer Science Review
M1 - 100592
ER -