Khan, Neeshe, Furnell, Steven, Bada, Maria, Nurse, Jason R. C., Rand, Matthew (2025) The hidden barriers to cyber security adoption amongst Small and Medium-Sized Enterprises. Information and Computer Security, . ISSN 2056-4961. (doi:10.1108/ICS-04-2025-0135) (KAR id:110491)
|
PDF
Author's Accepted Manuscript
Language: English 
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
|
|
|
Download this file (PDF/556kB) |
Preview |
| Request a format suitable for use with assistive technology e.g. a screenreader | |
| Official URL: https://doi.org/10.1108/ICS-04-2025-0135 |
|
Abstract
Purpose
Small and medium-sized enterprises (SMEs) share many of the same cyber security needs and challenges as larger organisations but often have significantly less knowledge and capability to deal with them. A fundamental initial issue can be locating relevant information, with the natural route for SMEs seeking and referring to related guidance found online. This can be challenging considering the volume and variety of sources that can consequently be located. This paper aims to explore the barriers to cyber security adoption faced by SMEs potentially stemming from the coverage, completeness and clarity of online guidance documents.
Design/methodology/approach
An assessment of over 30 UK-based guidance sources with two subsequent semi-structured interview-based studies with 24 participants (12 providers and 12 SMEs).
Findings
Results from the assessment reveal that there is significant diversity in the materials that SMEs may be presented with, potentially leading to inconsistent and ill-informed decision-making and confusion. Findings from subsequent interviews highlight the impact of guidance-related vectors when implementing advice. These aspects are exacerbated by SMEs’ reactive needs, internal limitations and awareness of cyber security – hindering their ability to act competently in the context of cyber security.
Originality/value
This contributes to a limited amount of research of how SMEs seek support for cyber security and the effectiveness and impact of online guidance. It also explores this theme from the viewpoint of SMEs and providers in tandem to offer a deeper understanding of security adoption through their lived experiences.
| Item Type: | Article |
|---|---|
| DOI/Identification number: | 10.1108/ICS-04-2025-0135 |
| Additional information: | This author accepted manuscript is deposited under a Creative Commons Attribution Non-commercial 4.0 International (CC BY-NC) licence. This means that anyone may distribute, adapt, and build upon the work for non-commercial purposes, subject to full attribution. If you wish to use this manuscript for commercial purposes, please contact permissions@emerald.com. |
| Uncontrolled keywords: | Cyber Security, Guidance, Small Business, SME, SMB, Support |
| Subjects: |
H Social Sciences > H Social Sciences (General) H Social Sciences > HF Commerce > HF5351 Business Q Science > Q Science (General) |
| Institutional Unit: |
Schools > School of Computing Institutes > Institute of Cyber Security for Society |
| Former Institutional Unit: |
There are no former institutional units.
|
| Funders: | Engineering and Physical Sciences Research Council (https://ror.org/0439y7842) |
| Depositing User: | Jason Nurse |
| Date Deposited: | 02 Jul 2025 20:14 UTC |
| Last Modified: | 24 Sep 2025 02:55 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/110491 (The current URI for this page, for reference purposes) |
University of Kent Author Information
Nurse, Jason R. C..
| Creator's ORCID: |
 https://orcid.org/0000-0003-4118-1680
|
|---|---|
| CReDIT Contributor Roles: |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):
Altmetric
Altmetric
