An exploration of cyber-security risk management in small businesses: The case UK Micro and Small firms

The issue of cybersecurity has been receiving increased attention in recent years and with the exponential use of Information and Communications Technologies, the scope for information related security threats via the Internet has expanded drastically. The current cyber threat levels are creating significant pressures on businesses both small and large and policy makers are actively pursuing avenues to deal with the changing landscape of information related security threats. In Europe, Small and Medium Sized Enterprises (SMEs)1 make up more than 99.5% of all registered enterprises and Cybercrime is of major concern to all of them. Indeed a poll of 500 SMEs in the UK, conducted by Barclaycard earlier in 2017, found that 44% were worried about being hit by cybercrime or a data breach. Micro/ Small businesses have different firm characteristics when compared to medium enterprises. It is in this context that this research work is set; its main aim is to understand how small/micro businesses entrepreneurs manage cyber security threats at an operational level. It explores attitudes, knowledge, training, and risk management practices towards cyber threats in a small firm context.