University of Worcester Worcester Research and Publications

What Business Environment Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Henson, Richard and Garfield, Joy (2015) What Business Environment Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security? In: 12th Annual International Conference on SMEs, Entrepreneurship and Innovation: Management –Marketing – Economic – Social Aspects, 27-30 July 2015, Athens, Greece. (Unpublished)

[img] Text
H__USB 12 Oct 2014_RESEARCH PAPERS_2015_Henson paper Vfinal.docx - Submitted Version

Download (49kB)
H__USB%2012%20Oct%202014_RESEARCH%20PAPERS_2015_Henson%20paper%20Vfinal.pdf - Submitted Version

Download (145kB) | Preview


In the fourteen years since “Economics of Information Security” started as a discipline, many articles have been written about management of information security within organisations. Most of the articles have focused on public sector or larger private sector companies perhaps with an implicit assumption that the research findings would also apply to and influence SMEs. In practice, the truth is that SMEs have been largely unmoved, and not enough research has examined this reality.

In this paper, the author seeks to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and often just part of an overall tight IT budget. Spending on security therefore has to compete with demands for hardware, infrastructure, and strategic applications.

The author’s latest research scrutinises the typical SMEs reasoning choosing to see non-spending on security as an acceptable strategic risk. In terms of primary data-gathering, it looks particularly at possible reasons why SMEs tend not to take much notice of “scare stories” in the media which have consistently shown that SMEs are increasingly at risk as the information systems of larger businesses have taken greater precautions and become more difficult to penetrate.

The results and their analysis provide useful pointers towards the broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Discrete Keywords: SME, Information Risk Management, Information Assurance, ISMS, Information Security Management Systems, Data Protection Legislation, EU Data Breaches Legislation, Economics of Information Security, Supply Chain, ISO27001, PCI-DSS, Cyber Essentials,
Subjects: T Technology > T Technology (General)
Divisions: College of Business, Psychology and Sport > Worcester Business School
Related URLs:
Depositing User: Joy Garfield
Date Deposited: 29 Sep 2015 07:16
Last Modified: 17 Jun 2020 17:08

Actions (login required)

View Item View Item
Worcester Research and Publications is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.