Cyber risk management in SMEs: insights from industry surveys
ISSN: 1526-5943
Article publication date: 19 July 2021
Issue publication date: 19 November 2021
Abstract
Purpose
This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.
Design/methodology/approach
This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.
Findings
The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.
Originality/value
This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.
Keywords
Citation
Hoppe, F., Gatzert, N. and Gruner, P. (2021), "Cyber risk management in SMEs: insights from industry surveys", Journal of Risk Finance, Vol. 22 No. 3/4, pp. 240-260. https://doi.org/10.1108/JRF-02-2020-0024
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited