Research Article

Cybersecurity Resilience in SMEs. A Machine Learning Approach

References

  • Fernandez de Arroyabe IF, Arranz CF, Arroyabe MF, de Arroyabe JCF. Cybersecurity capabilities and cyber-attacks as drivers of investment in cybersecurity systems: a UK survey for 2018 and 2019. Comput Secur. 2023;124:102954. doi:10.1016/j.cose.2022.102954.
  • Ekelund S, Iskoujina Z. Cybersecurity economics – balancing operational security spending. Inf Technol People. 2019;32(5):1318–42. doi:10.1108/ITP-05-2018-0252.
  • Jalali MS, Siegel M, Madnick S. Decision-making and biases in cybersecurity capability development: evidence from a simulation game experiment. J Strategic Inf Syst. 2019;28(1):66–82. doi:10.1016/j.jsis.2018.09.003.
  • Conteh NY, Schmick PJ. Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. Int J Adv Comput Res. 2016;6(23):31–43. doi:10.19101/IJACR.2016.623006.
  • Caldwell T. Plugging the cyber-security skills gap. Comput Fraud Secur. 2013;2013(7):5–10. doi:10.1016/S1361-3723(13)70062-9.
  • Choo KR. The cyber threat landscape: challenges and future research directions. Comput Secur. 2011;30(8):719–31. doi:10.1016/j.cose.2011.08.004.
  • Weishäupl E, Yasasin E, Schryen G. Information security investments: an exploratory multiple case study on decision-making, evaluation and learning. Comput Secur. 2018;77:807–23. doi:10.1016/j.cose.2018.02.001.
  • Srinidhi B, Yan J, Tayi GK. Allocation of resources to cyber-security: the effect of misalignment of interest between managers and investors. Decis Support Syst. 2015;75:49–62. doi:10.1016/j.dss.2015.04.011.
  • Wright RT, Jensen ML, Thatcher JB, Dinger M, Marett K. Research note—influence techniques in phishing attacks: an examination of vulnerability and resistance. Inf Syst Res. 2014;25(2):385–400. doi:10.1287/isre.2014.0522.
  • Mallinder J, Drabwell P. Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber-attack. J Bus Contin Emer Plan. 2014;7:103–11.
  • Cucoranu IC, Parwani AV, West AJ, Romero-Lauro G, Nauman K, Carter AB, Balis UJ, Tuthill MJ, Pantanowitz L. Privacy and security of patient data in the pathology laboratory. J Pathol Inform. 2013;4(1):4. doi:10.4103/2153-3539.108542.
  • Fernandez De Arroyabe I, Fernandez de Arroyabe JC. The severity and effects of cyber-breaches in SMEs: a machine learning approach. Enterp Inf Syst. 2023;17(3):1942997. doi:10.1080/17517575.2021.1942997.
  • European Commission. The digital economy and society index (DESI). 2020. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=72352.
  • Hayes J, Bodhani A. Cyber security: small firms under fire. Eng Technol. 2013;8(6):80–83. doi:10.1049/et.2013.0614.
  • Osborn E. Business versus technology: sources of the perceived lack of cyber security in SMEs. CDT Technical Paper 01/15. University of Oxford; 2015.
  • Ponsard C, Grandclaudon J, Dallons G. Towards a cyber security label for SMEs: a European perspective. Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018). Funchal - Madeira, Portugal: Science and Technology Publications; 2018. p. 426–431.
  • Valli C, Martinus IC, Johnstone MN. Small to medium enterprise cyber security awareness: an initial survey of Western Australian business. Proceedings of International Conference on Security and Management. Las Vegas, USA: CSREA Press; 2014. p. 71–75.
  • NIST. Glossary. Computer security resource center (CSR). National Institute for Standards and Technology; 2023. https://csrc.nist.gov/glossary/term/cyber_resiliency.
  • DCMS. Cyber security breaches survey 2021. 2021. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021.
  • Benaroch M. Real options models for proactive uncertainty-reducing mitigations and applications in cybersecurity investment decision making. Inf Syst Res. 2018;29(2):315–40. doi:10.1287/isre.2017.0714.
  • Shin YY, Lee JK, Kim M. Preventing state-led cyberattacks using the bright internet and internet peace principles. J Assoc Inf Syst. 2018;19(3):152–81. doi:10.17705/1jais.00488.
  • Renaud K, Ophoff J. A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs. Organ Cybersecur J. 2021;1(1):24–46. doi:10.1108/OCJ-03-2021-0004.
  • Mayadunne S, Park S. An economic model to evaluate information security investment of risk-taking small and medium enterprises. Int J Prod Econ. 2016;182:519–30. doi:10.1016/j.ijpe.2016.09.018.
  • Bharadwaj AS. A resource-based perspective on information technology capability and firm performance: an empirical investigation. MIS Q. 2000;24(1):169–96. doi:10.2307/3250983.
  • Cavusoglu H, Cavusoglu H, Son JY, Benbasat I. Institutional pressures in security management: direct and indirect influences on organizational investment in information security control resources. Inf Manage. 2015;52(4):385–400. doi:10.1016/j.im.2014.12.004.
  • Alpaydin E. Machine learning. The MIT Press; 2021. doi:10.7551/mitpress/13811.001.0001.
  • Paliwal M, Kumar UA. Neural networks and statistical techniques: a review of applications. Expert Syst Appl. 2009;36(1):2–17. doi:10.1016/j.eswa.2007.10.005.
  • Warkentin M, Johnston AC, Walden E, Straub DW. Neural correlates of protection motivation for secure IT behaviors: an fMRI examination. J Assoc Inf Syst. 2016;17(3):194–211. doi:10.17705/1jais.00424.
  • Teece DJ. The foundations of enterprise performance: dynamic and ordinary capabilities in an (economic) theory of firms. Acad Manage Perspect. 2014;28(4):328–52. doi:10.5465/amp.2013.0116.
  • Suddaby R, Coraiola D, Harvey C, Foster W. History and the micro-foundations of dynamic capabilities. Strateg Manag J. 2020;41(3):530–56. doi:10.1002/smj.3058.
  • Grant RM. Toward a knowledge-based theory of the firm. Strateg Manag J. 1996;17:109–22. doi:10.1002/smj.4250171110.
  • Barney J. Firm resources and sustained competitive advantage. J Manage. 1991;17(1):99–120. doi:10.1177/014920639101700108.
  • Peteraf M. The cornerstones of competitive advantage: a resource-based view. Strateg Manag J. 1993;14:179–91. doi:10.1002/smj.4250140303.
  • Jalali MS, Kaiser JP. Cybersecurity in hospitals: a systematic, organizational perspective. J Med Internet Res. 2018;20(5):e10059. doi:10.2196/10059.
  • Jensen ML, Dinger M, Wright RT, Thatcher JB. Training to mitigate phishing attacks using mindfulness techniques. J Manage Inf Syst. 2017;34(2):597–626. doi:10.1080/07421222.2017.1334499.
  • ENISA. ENISA threat landscape 2020: cyber attacks becoming more sophisticated, targeted, widespread and undetected. European Union Agency For Cybersecurity; 2020. https://www.enisa.europa.eu/topics/cyber-threats/threats-and-trends.
  • ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection — information security controls. Geneva: ISO/IEC; 2022.
  • Bose R, Luo X, Liu A. Investigating security investment impact on firm performance. Int J Account Inf Manag. 2014;22(3):194–208. doi:10.1108/IJAIM-04-2014-0026.
  • ISO. ISO/IEC 27001: 2017 - information security management. ISO/IEC; 2016. http://www.iso.org/iso/iso27001.
  • ISO/IEC 15408-1:2009. Information technology – security techniques – evaluation criteria for IT security – Part 1: introduction and general model. ISO/IEC; 2018. https://www.iso.org/standard/50341.html.
  • Rakas SB, Timcenko V, Kabovic M, Kabovic A. Cyber security issues in conductor temperature and meteorological measurement based DLR system. Mediterranean Conference on Power Generation, Transmission, Distribution and Energy Conversion (MedPower 2016). Belgrade (Serbia): IET; 2016. p. 1–7.
  • Couce-Vieira A, Insua DR, Kosgodagan A. Assessing and forecasting cybersecurity impacts. Decis Anal. 2020;17(4):356–74. doi:10.1287/deca.2020.0418.
  • Forbes Insights. The reputational impact of IT risk. FALLOUT; 2014. https://images.forbes.com/forbesinsights/StudyPDFs/IBM_Reputational_IT_Risk_REPORT.pdf.
  • Podsakoff PM, MacKenzie SB, Lee JY, Podsakoff NP. Common method biases in behavioral research: a critical review of the literature and recommended remedies. J Appl Psychol. 2003;88(5):879. doi:10.1037/0021-9010.88.5.879.
  • Wang Q. Artificial neural networks as cost engineering methods in a collaborative manufacturing environment. Int J Prod Econ. 2007;109(1):53–64. doi:10.1016/j.ijpe.2006.11.006.
  • Ciurana J, Quintana G, Garcia-Romeu ML. Estimating the cost of vertical high-speed machining centres, a comparison between multiple regression analysis and the neural networks approach. Int J Prod Econ. 2008;115(1):171–78. doi:10.1016/j.ijpe.2008.05.009.
  • Yegnanarayana B. Artificial neural networks. New Delhi (India): PHI Learning Pvt. Ltd; 2009.
  • Ibrahim OM. A comparison of methods for assessing the relative importance of input variables in artificial neural networks. J Appl Sci Res. 2013;9:5692–700.
  • Kabanda S, Tanner M, Kent C. Exploring SME cybersecurity practices in developing countries. J Organ Comput Electron Commerce. 2018;28(3):269–82. doi:10.1080/10919392.2018.1484598.
  • Benz M, Chatterjee D. Calculated risk? A cybersecurity evaluation tool for SMEs. Bus Horiz. 2020;63(4):531–40. doi:10.1016/j.bushor.2020.03.010.
  • Menard P, Bott GJ, Crossler RE. User motivations in protecting information security: protection motivation theory versus self-determination theory. J Manage Inf Syst. 2017;34(4):1203–30. doi:10.1080/07421222.2017.1394083.
  • Posey C, Roberts TL, Lowry PB. The impact of organizational commitment on insiders’ motivation to protect organizational information assets. J Manage Inf Syst. 2015;32(4):179–214. doi:10.1080/07421222.2015.1138374.
  • Chan M, Woon IMY, Kankanhalli A. Perceptions of information security at the workplace: linking information security climate to compliant behavior. Int J Inf Privacy Secur. 2005;1(3):18–41. doi:10.1080/15536548.2005.10855772.
  • Vance A, Siponen M, Pahnila S. Motivating IS security compliance: insights from habit and protection motivation theory. Inf Manage. 2012;49(3–4):190–98. doi:10.1016/j.im.2012.04.002.
  • Ifinedo P. Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput Secur. 2012;31(1):83–95. doi:10.1016/j.cose.2011.10.007.