Kent Academic Repository

Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs)

Bada, Maria, Nurse, Jason R. C. (2019) Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs). Information and Computer Security, 27 (3). pp. 393-410. ISSN 2056-4961. (doi:10.1108/ICS-07-2018-0080) (KAR id:73481)


An essential component of an organisation’s cybersecurity strategy is building awareness and education of online threats, and how to protect corporate data and services. This research article focuses on this topic and proposes a high-level programme for cybersecurity education and awareness to be used when targeting Small-to-Medium-sized Enterprises/Businesses (SMEs/SMBs) at a city-level. We ground this programme in existing research as well as unique insight into an ongoing city-based project with similar aims. To structure our work, we begin by conducting a scoping review of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis is then complemented by using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, we extract best practice and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness. We find that whilst literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. On the other hand, existing programmes, such as the one we explored, have great potential but there can also be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities. The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, we engage in a reflection of literature in this space, and present insights into the advances and challenges faced by an on-going programme. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.

Item Type: Article
DOI/Identification number: 10.1108/ICS-07-2018-0080
Uncontrolled keywords: cybersecurity, education, awareness, skills, Small-to-Medium-sized Enterprises (SMEs), Small-to-Medium-sized Business (SMBs)
Subjects: H Social Sciences > HF Commerce; Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science; T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 14 Apr 2019 07:19 UTC
Last Modified: 04 Mar 2024 19:17 UTC