Research Article

The severity and effects of Cyber-breaches in SMEs: a machine learning approach

Article: 1942997 | Received 04 Dec 2020, Accepted 10 Jun 2021, Published online: 30 Jun 2021

References

  • ABI (2020). “Cyber Risk Insurance.” The Association of British Insurers. https://www.abi.org.uk/products-and-issues/choosing-the-right-insurance/business-insurance/cyber-risk-insurance/
  • Aguilar, L. A. (2015). “The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses.” US Securities and Exchange Commission. https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html
  • Ahmad, A., J. Webb, K. C. Desouza, and J. Boorman. 2019. “Strategically-motivated Advanced Persistent Threat: Definition, Process, Tactics and a Disinformation Model of Counterattack.” Computers & Security 86: 402–418. doi:10.1016/j.cose.2019.07.001.
  • Arranz, N., and J. C. Fernandez de Arroyabe. 2010. “Efficiency in Technological Networks, an Approach from Artificial Neural Networks (ANN).” International Journal of Management Science and Engineering Management 5 (6): 453–460. doi:10.1080/17509653.2010.10671137.
  • Arranz, N., N. L. Arguello, and J. C. Fernandez de Arroyabe. 2021. “How Do Internal, Market and Institutional Factors Affect the Development of Eco-innovation in Firms?” Journal of Cleaner Production 297: 126692. doi:10.1016/j.jclepro.2021.126692.
  • Ashibani, Y., and Q. H. Mahmoud. 2017. “Cyber Physical Systems Security: Analysis, Challenges and Solutions.” Computers & Security 68: 81–97. doi:10.1016/j.cose.2017.04.005.
  • Bishop, C. M. 1995. Neural Networks for Pattern Recognition. Oxford, UK: Oxford University Press.
  • Bland, J. A., M. D. Petty, T. S. Whitaker, K. P. Maxwell, and W. A. Cantrell. 2020. “Machine Learning Cyberattack and Defense Strategies.” Computers & Security 92: 101738. doi:10.1016/j.cose.2020.101738.
  • Bourilkov, D. 2019. “Machine and Deep Learning Applications in Particle Physics.” International Journal of Modern Physics A 34 (35): 1930019. doi:10.1142/S0217751X19300199.
  • Cavusoglu, H., H. Cavusoglu, J. Y. Son, and I. Benbasat. 2015. “Institutional Pressures in Security Management: Direct and Indirect Influences on Organizational Investment in Information Security Control Resources.” Information & Management 52 (4): 385–400. doi:10.1016/j.im.2014.12.004.
  • Cenfetelli, R., and G. Bassellier. 2009. “Interpretation of Formative Measurement in Information Systems Research.” MIS Quarterly 33 (4): 689–708. doi:10.2307/20650323.
  • Chan, M., I. Y. Woon, and A. Kankanhalli. 2005. “Perceptions of Information Security at the Workplace: Linking Information Security Climate to Compliant Behavior.” Journal of Information Privacy and Security 1 (3): 18–41. doi:10.1080/15536548.2005.10855772.
  • Chaudhry, P. E., S. S. Chaudhry, S. A. Stumpf, and H. Sudler. 2011. “Piracy in Cyber Space: Consumer Complicity, Pirates and Enterprise Enforcement.” Enterprise Information Systems 5 (2): 255–271. doi:10.1080/17517575.2010.524942.
  • Choo, K. R. 2011. “The Cyber Threat Landscape: Challenges and Future Research Directions.” Computers & Security 30 (8): 719–731. doi:10.1016/j.cose.2011.08.004.
  • Chronopoulos, M., E. Panaousis, and J. Grossklags. 2018. “An Options Approach to Cybersecurity Investment.” IEEE Access 6: 12175–12186. doi:10.1109/ACCESS.2017.2773366.
  • Ciurana, J., G. Quintana, and M. L. Garcia-Romeu. 2008. “Estimating the Cost of Vertical High-speed Machining Centers, a Comparison between Multiple Regression Analysis and the Neural Approach.” International Journal of Production Economics 115 (1): 171–178. doi:10.1016/j.ijpe.2008.05.009.
  • CLUSIF. 2008. Risk Management. Concepts and Methods. Paris: Club de la Securite Infomatique.
  • Cohen, F. 1997. “Information System Attacks: A Preliminary Classification Scheme.” Computers & Security 16 (1): 29–46. doi:10.1016/S0167-4048(97)85785-9.
  • Conteh, N. Y., and P. J. Schmick. 2016. “Cybersecurity: Risks, Vulnerabilities and Countermeasures to Prevent Social Engineering Attacks.” International Journal of Advanced Computer Research 6 (23): 31–43. doi:10.19101/IJACR.2016.623006.
  • Couce-Vieira, A., D. R. Insua, and A. Kosgodagan. 2020. “Assessing and Forecasting Cybersecurity Impacts.” Decision Analysis 17 (4): 356–374. doi:10.1287/deca.2020.0418.
  • Cyber Security Breaches Survey (2016). “Official Statistics. Cyber Security Breaches Survey 2017.” Department for Digital, Culture, Media & Sport. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017
  • Cyber Security Breaches Survey (2017). “Official Statistics. Cyber Security Breaches Survey 2017.” Department for Digital, Culture, Media & Sport. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018
  • Dahiya, A., and B. B. Gupta. 2020. “Multi Attribute Auction Based Incentivized Solution against DDoS Attacks.” Computers & Security 92: 101763. doi:10.1016/j.cose.2020.101763.
  • Ekelund, S., and Z. Iskoujina. 2019. “Cybersecurity Economics – Balancing Operational Security Spending.” Information Technology & People 32 (5): 1318–1342. doi:10.1108/ITP-05-2018-0252.
  • ENISA. 2018. Reference Incident Classification Taxonomy. Luxembourg: European Union Agency for Cybersecurity.
  • ENISA. 2020. Insider Threat ENISA. Threat Landscape. Luxembourg: European Union Agency for Cybersecurity.
  • Fielder, A., E. Panaousis, P. Malacaria, C. Hankin, and F. Smeraldi. 2016. “Decision Support Approaches for Cyber Security Investment.” Decision Support Systems 86: 13–23. doi:10.1016/j.dss.2016.02.012.
  • Forbes Insights (2014). “The Reputational Impact of It Risk.” FALLOUT. https://images.forbes.com/forbesinsights/StudyPDFs/IBM_Reputational_IT_Risk_REPORT.pdf
  • Garre, J. T. M., M. G. Pérez, and A. Ruiz-Martínez. 2021. “A Novel Machine Learning-based Approach for the Detection of SSH Botnet Infection.” Future Generation Computer Systems 115: 387–396. doi:10.1016/j.future.2020.09.004.
  • Gartner Group (2014). “Top 10 Strategic Predictions for 2015.” Gartner Group. http://www.gartner.com/technology/home.jsp
  • Hayes, J., and A. Bodhani. 2013. “Cyber Security: Small Firms under Fire.” Engineering & Technology 8 (6): 80–83.
  • Heartfield, R., G. Loukas, S. Budimir, A. Bezemskij, J. R. Fontaine, A. Filippoupolitis, and E. Roesch. 2018. “A Taxonomy of Cyber-physical Threats and Impact in the Smart Home.” Computers & Security 78: 398–428. doi:10.1016/j.cose.2018.07.011.
  • Hegazy, T., P. Fazio, and O. Moselhi. 1994. “Developing Practical Neural Network Applications Using Back-propagation.” Computer-Aided Civil and Infrastructure Engineering 9 (2): 145–159.
  • Herath, T., and H. R. Rao. 2009. “Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organizations.” European Journal of Information Systems 18 (2): 106–125. doi:10.1057/ejis.2009.6.
  • Ifinedo, P. 2012. “Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory.” Computers & Security 31 (1): 83–95. doi:10.1016/j.cose.2011.10.007.
  • ISO (2016). “ISO/IEC 27001: 2013 - Information Security Management.” ISO/IEC. http://www.iso.org/iso/iso27001
  • ISO/IEC. 2014. International Standard ISO/IEC 27000: Information Technology-Security Techniques - Information Security Management Systems - Overview and Vocabulary. Geneva: ISO/IEC.
  • Jang-Jaccard, J., and S. Nepal. 2014. “A Survey of Emerging Threats in Cybersecurity.” Journal of Computer and System Sciences 80 (5): 973–993. doi:10.1016/j.jcss.2014.02.005.
  • Jensen, M. L., M. Dinger, R. T. Wright, and J. B. Thatcher. 2017. “Training to Mitigate Phishing Attacks Using Mindfulness Techniques.” Journal of Management Information Systems 34 (2): 597–626. doi:10.1080/07421222.2017.1334499.
  • Jeong, C. Y., S. Y. T. Lee, and J. H. Lim. 2019. “Information Security Breaches and IT Security Investments: Impacts on Competitors.” Information & Management 56 (5): 681–695. doi:10.1016/j.im.2018.11.003.
  • Kaspersky (2017). “For Business IT Security: Cost Center or Strategic Investment? Investigating the New Business Attitude Towards IT Security Budgets.” Kaspersky For Business. https://go.kaspersky.com/rs/802-IJN-240/images/IT%20Security%20Econmics%20Report%209.18.17.pdf
  • Lezoche, M., and H. Panetto. 2020. “Cyber-Physical Systems, a New Formal Paradigm to Model Redundancy and Resiliency.” Enterprise Information Systems 14 (8): 1150–1171. doi:10.1080/17517575.2018.1536807.
  • Liginlal, D., I. Sim, and L. Khansa. 2009. “How Significant is Human Error as a Cause of Privacy Breaches? An Empirical Study and a Framework for Error Management.” Computers & Security 28 (3–4): 215–228. doi:10.1016/j.cose.2008.11.003.
  • Mallinder, J., and P. Drabwell. 2014. “Cyber Security: A Critical Examination of Information Sharing versus Data Sensitivity Issues for Organisations at Risk of Cyber-attack.” Journal of Business Continuity & Emergency Planning 7 (2): 103–111.
  • Manning, T., R. D. Sleator, and P. Walsh. 2014. “Biologically Inspired Intelligent Decision Making: A Commentary on the Use of Artificial Neural Networks in Bioinformatics.” Bioengineered 5 (2): 80–95. doi:10.4161/bioe.26997.
  • Masters, T. 1993. Practical Neural Network Recipes in C++. San Francisco, California: Morgan Kaufmann.
  • Mendhurwar, S., and R. Mishra. 2019. “Integration of Social and IoT Technologies: Architectural Framework for Digital Transformation and Cyber Security Challenges.” Enterprise Information Systems 1–20. doi:10.1080/17517575.2019.1600041.
  • Minbashian, A., J. E. Bright, and K. D. Bird. 2010. “A Comparison of Artificial Neural Networks and Multiple Regression in the Context of Research on Personality and Work Performance.” Organizational Research Methods 13 (3): 540–561. doi:10.1177/1094428109335658.
  • Müller, J. M., O. Buliga, and K. I. Voigt. 2018. “Fortune Favors the Prepared: How SMEs Approach Business Model Innovations in Industry 4.0.” Technological Forecasting and Social Change 132: 2–17. doi:10.1016/j.techfore.2017.12.019.
  • Osborn, E. (2015). “Business versus Technology: Sources of the Perceived Lack of Cyber Security in SMEs.” CDT Technical Paper 01/15. University of Oxford.
  • Pérez-González, D., S. Preciado, and P. Solana-Gonzalez. 2019. “Organizational Practices as Antecedents of the Information Security Management Performance: An Empirical Investigation.” Information Technology & People 32 (5): 1262–1275. doi:10.1108/ITP-06-2018-0261.
  • Pirounias, S., D. Mermigas, and C. Patsakis. 2014. “The Relation between Information Security Events and Firm Market Value, Empirical Evidence on Recent Disclosures: An Extension of the GLZ Study.” Journal of Information Security and Applications 19 (4–5): 257–271. doi:10.1016/j.jisa.2014.07.001.
  • Podsakoff, P. M., S. B. MacKenzie, J. Y. Lee, and N. P. Podsakoff. 2003. “Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies.” Journal of Applied Psychology 88 (5): 879–903. doi:10.1037/0021-9010.88.5.879.
  • Ponsard, C., J. Grandclaudon, and G. Dallons (2018). “Towards A Cyber Security Label for SMEs: A European Perspective.” In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pages 426–431. Funchal - Madeira, Portugal: Science and Technology Publications.
  • Posey, C., T. L. Roberts, and P. B. Lowry. 2015. “The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets.” Journal of Management Information Systems 32 (4): 179–214. doi:10.1080/07421222.2015.1138374.
  • Sahoo, S. R., and S. B. Gupta. 2019. “Classification of Various Attacks and Their Defence Mechanism in Online Social Networks: A Survey.” Enterprise Information Systems 13 (6): 832–864. doi:10.1080/17517575.2019.1605542.
  • Sangani, N. K., and B. Vijayakumar. 2012. “Cyber Security Scenarios and Control for Small and Medium Enterprises.” Informatica Economica 16 (2): 58–71.
  • Seibold, C., W. Samek, A. Hilsmann, and P. Eisert. 2020. “Accurate and Robust Neural Networks for Face Morphing Attack Detection.” Journal of Information Security and Applications 53: 102526. doi:10.1016/j.jisa.2020.102526.
  • Somers, M. J., and J. C. Casal. 2009. “Using Artificial Neural Networks to Model Nonlinearity: The Case of the Job Satisfaction—job Performance Relationship.” Organizational Research Methods 12 (3): 403–417. doi:10.1177/1094428107309326.
  • Srinidhi, B., J. Yan, and G. K. Tayi. 2015. “Allocation of Resources to Cyber-security: The Effect of Misalignment of Interest between Managers and Investors.” Decision Support Systems 75: 49–62. doi:10.1016/j.dss.2015.04.011.
  • Sung, S., Y. Kim, and H. Chang. 2018. “Improving Collaboration between Large and Small-medium Enterprises in Automobile Production.” Enterprise Information Systems 12 (1): 19–35. doi:10.1080/17517575.2016.1161242.
  • Valli, C., I. C. Martinus, and M. N. Johnstone (2014). “Small to Medium Enterprise Cyber Security Awareness: An Initial Survey of Western Australian Business.” Proceedings of International Conference on Security and Management. (pp. 71–75). Las Vegas, USA. CSREA Press.
  • Wang, L., and Y. Zhang. 2020. “Linear Approximation Fuzzy Model for Fault Detection in Cyber-physical System for Supply Chain Management.” Enterprise Information Systems 1–18. doi:10.1080/17517575.2020.1791361.
  • Wang, Q. 2007. “Artificial Neural Networks as Cost Engineering Methods in a Collaborative Manufacturing Environment.” International Journal of Production Economics 109 (1): 53–64. doi:10.1016/j.ijpe.2006.11.006.
  • Wright, R. T., M. L. Jensen, J. B. Thatcher, M. Dinger, and K. Marett. 2014. “Research Note—influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance.” Information Systems Research 25 (2): 385–400. doi:10.1287/isre.2014.0522.