The Small and Medium-sized Enterprises’ (SMEs) level of organizational cybersecurity readiness has been poorly investigated to date. Currently, all SMEs need to maintain an adequate level of cybersecurity to run their businesses, not only those wishing to fully exploit digitalization’s benefits. Unfortunately, due to their lack of resources, skills, and their low level of cyber awareness, SMEs often seem unprepared. It is essential that they address the digital threats that they face by using technology and complementary (and not alternative) factors, such as guidelines, formal policies, and training. All these elements trigger development processes regarding skills, awareness, the organizational cybersecurity culture, and the organizational resilience. This paper describes Italy’s first multidisciplinary attempt to assess its SMEs’ overall cybersecurity readiness level. We used a survey as its initial quantitative assessment approach, although SMEs can also use it as a cyber self-assessment tool, which prepares them better to navigate the digital ecosystem. Thereafter, we held semi-structured interviews to explore the critical points that had emerged from the study’s first phase. The overall results show that SMEs have not yet achieved high levels of organizational readiness. SMEs are currently starting to set the stage for their organizational cyber readiness and will, therefore, have to take many more proactive steps to address their cyber challenges.

Assessing SMEs’ cybersecurity organizational readiness: Findings from an Italian survey

Martina Neri
Primo
;
Federico Niccolini
Secondo
;
2022-01-01

Abstract

The Small and Medium-sized Enterprises’ (SMEs) level of organizational cybersecurity readiness has been poorly investigated to date. Currently, all SMEs need to maintain an adequate level of cybersecurity to run their businesses, not only those wishing to fully exploit digitalization’s benefits. Unfortunately, due to their lack of resources, skills, and their low level of cyber awareness, SMEs often seem unprepared. It is essential that they address the digital threats that they face by using technology and complementary (and not alternative) factors, such as guidelines, formal policies, and training. All these elements trigger development processes regarding skills, awareness, the organizational cybersecurity culture, and the organizational resilience. This paper describes Italy’s first multidisciplinary attempt to assess its SMEs’ overall cybersecurity readiness level. We used a survey as its initial quantitative assessment approach, although SMEs can also use it as a cyber self-assessment tool, which prepares them better to navigate the digital ecosystem. Thereafter, we held semi-structured interviews to explore the critical points that had emerged from the study’s first phase. The overall results show that SMEs have not yet achieved high levels of organizational readiness. SMEs are currently starting to set the stage for their organizational cyber readiness and will, therefore, have to take many more proactive steps to address their cyber challenges.
2022
Neri, Martina; Niccolini, Federico; Pugliese., Rosario
File in questo prodotto:
File Dimensione Formato  
0C3QnQ-OJAKM_Volume10_2pp1-22.pdf

accesso aperto

Descrizione: Assessing SMEs’ cybersecurity organizational readiness: Findings from an Italian survey
Tipologia: Versione finale editoriale
Licenza: Creative commons
Dimensione 5.39 MB
Formato Adobe PDF
5.39 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/1152579
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact