| Summary: | The threat of cyber risk has become increasingly prevalent within society. Particularly within
businesses, where negative consequences can stem from the corruption of confidentiality,
integrity and availability of information systems. In the case of SMEs, the damage of cyber-
attacks can be severe, if not lethal to their comparatively smaller and therefore more fragile
business operations. In recent years, there has been a record increase in the number of
cyber-attacks on UK SMEs. Accordingly, it is of great importance to support SMEs in
building their cyber-resilience to the growing cyber-threat. Subsequently, this paper aims to
encourage this prerogative, by investigating the perceptions and attitudes of Nottingham
SMEs towards the issue of cyber risk. Through investigating participants’ risk perception of
cyber risk, risk awareness of cyber risk and attitudes towards cyber-security, the researcher
builds a ‘bigger picture’ towards how SMEs interact with the subject of cyber risk. In order to
do so, the paper used a mixed methods approach: quantitative surveys, accompanied by
qualitative interviews. The paper concludes that although SMEs perceive cyber risk to be a
significant threat, there is a fragmentation in cyber risk awareness due to an often ‘lax’
approach to training and education. Moreover, it is found that there are a variety of
constraints which prevent SMEs from incorporating cyber security frameworks that align with
industry standards.
|
|---|