On the path to cyber organizational resilience: shedding light on the context of SMEs

Purpose– Historically, discussion of organizational resilience (OR) was dedicated to a generic event. However, nowadays a new research domain oriented to the cyber side of OR (i.e. cyber-OR) has developed. Inspired by the principles of Resilience Engineering and adaptive capacity theories, this research aims to assess cyber-OR tools and practices in the context of Italian small and medium-sized enterprises (SMEs) alongside the hindering factors they encounter while implementing cyber-OR practices. The SME context is particularly suitable for this investigation due to the excessive cyberattacks they face and the crucial economic role they play in many Western countries, including Italy. Design/methodology/approach– The qualitative research design used semistructured interviews and data collected from 31 Italian SMEs. Data analysis followed thematic analysis principles using the NVivo 12 software package. Findings– Results show a low level of cyber-OR across the SMEs the authors assessed, especially in the post-event phase. Moreover, SMEs are affected by several factors that hinder cybersecurity (i.e. lack of awareness, lack of resources and budget, and small organization size). Practical implications– The authors offer a new perspective for practitioners and institutions to develop frameworks and strategies targeted for SMEs to overcome the effects posed by the hindering factors that are still unclear in the cyber-OR domain. Originality/value– This research advances knowledge in the context of cyber-OR and SMEs, an area which needs further investigation.