Assessing Cybersecurity Readiness Among SME

Alexander Zeisler; Bjarne Lill; Clemens Sauerwein; Carina Hochstrasser; Nico Mexis

doi:10.5220/0013353400003929

Assessing Cybersecurity Readiness Among SME

Alexander Zeisler, Bjarne Lill^*, Clemens Sauerwein, Carina Hochstrasser, Nico Mexis

^*Corresponding author for this work

Logistics & Operations Management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Information security is a critical issue for small and medium-sized enterprises (SMEs) around the world. These organisations face an increasing number of security incidents and the sophistication of attacks. In order to remain competitive and protect their and their customers’ critical information, it is essential that SMEs can manage their cybersecurity risks appropriately. Accordingly, it is important that these SMEs can rely
on tailored information security assessments and frameworks. However, there is a scarcity of knowledge regarding their specific needs and the practical implementation of cybersecurity within these organisations. To address this knowledge gap, an exploratory study was conducted on the SME cybersecurity situation, with a particular focus on the implementation level of cybersecurity controls within SMEs in Austria and Germany. We surveyed 30 SMEs regarding their cybersecurity implementation situation in 2023. Our findings show, among other things, a very heterogeneous picture regarding the implementation level of cybersecurity controls and outline areas for action.

Original language	American English
Title of host publication	Proceedings of the 27th International Conference on Enterprise Information Systems - (Volume 2)
Pages	253
Number of pages	263
DOIs	https://doi.org/10.5220/0013353400003929
Publication status	Published - 17 Apr 2025

Classification according to Österreichische Systematik der Wissenschaftszweige (ÖFOS 2012)

202022 Information technology

Applied Research Level (ARL)

ARL Level 1 - Observation and description of a principle

Research focus/foci

Social Innovation

Access to Document

10.5220/0013353400003929

Cite this

@inproceedings{e943fedccb784d988f3cc7cdf099bc35,

title = "Assessing Cybersecurity Readiness Among SME",

abstract = "Information security is a critical issue for small and medium-sized enterprises (SMEs) around the world. These organisations face an increasing number of security incidents and the sophistication of attacks. In order to remain competitive and protect their and their customers{\textquoteright} critical information, it is essential that SMEs can manage their cybersecurity risks appropriately. Accordingly, it is important that these SMEs can relyon tailored information security assessments and frameworks. However, there is a scarcity of knowledge regarding their specific needs and the practical implementation of cybersecurity within these organisations. To address this knowledge gap, an exploratory study was conducted on the SME cybersecurity situation, with a particular focus on the implementation level of cybersecurity controls within SMEs in Austria and Germany. We surveyed 30 SMEs regarding their cybersecurity implementation situation in 2023. Our findings show, among other things, a very heterogeneous picture regarding the implementation level of cybersecurity controls and outline areas for action.",

keywords = "SMEs, cybersecurity, Small and medium enterprises (SME)",

author = "Alexander Zeisler and Bjarne Lill and Clemens Sauerwein and Carina Hochstrasser and Nico Mexis",

year = "2025",

month = apr,

day = "17",

doi = "10.5220/0013353400003929",

language = "Englisch (Amerika)",

pages = "253",

booktitle = "Proceedings of the 27th International Conference on Enterprise Information Systems - (Volume 2)",

}

TY - GEN

T1 - Assessing Cybersecurity Readiness Among SME

AU - Zeisler, Alexander

AU - Lill, Bjarne

AU - Sauerwein, Clemens

AU - Hochstrasser, Carina

AU - Mexis, Nico

PY - 2025/4/17

Y1 - 2025/4/17

N2 - Information security is a critical issue for small and medium-sized enterprises (SMEs) around the world. These organisations face an increasing number of security incidents and the sophistication of attacks. In order to remain competitive and protect their and their customers’ critical information, it is essential that SMEs can manage their cybersecurity risks appropriately. Accordingly, it is important that these SMEs can relyon tailored information security assessments and frameworks. However, there is a scarcity of knowledge regarding their specific needs and the practical implementation of cybersecurity within these organisations. To address this knowledge gap, an exploratory study was conducted on the SME cybersecurity situation, with a particular focus on the implementation level of cybersecurity controls within SMEs in Austria and Germany. We surveyed 30 SMEs regarding their cybersecurity implementation situation in 2023. Our findings show, among other things, a very heterogeneous picture regarding the implementation level of cybersecurity controls and outline areas for action.

AB - Information security is a critical issue for small and medium-sized enterprises (SMEs) around the world. These organisations face an increasing number of security incidents and the sophistication of attacks. In order to remain competitive and protect their and their customers’ critical information, it is essential that SMEs can manage their cybersecurity risks appropriately. Accordingly, it is important that these SMEs can relyon tailored information security assessments and frameworks. However, there is a scarcity of knowledge regarding their specific needs and the practical implementation of cybersecurity within these organisations. To address this knowledge gap, an exploratory study was conducted on the SME cybersecurity situation, with a particular focus on the implementation level of cybersecurity controls within SMEs in Austria and Germany. We surveyed 30 SMEs regarding their cybersecurity implementation situation in 2023. Our findings show, among other things, a very heterogeneous picture regarding the implementation level of cybersecurity controls and outline areas for action.

KW - SMEs

KW - cybersecurity

KW - Small and medium enterprises (SME)

U2 - 10.5220/0013353400003929

DO - 10.5220/0013353400003929

M3 - Konferenzbeitrag

SP - 253

BT - Proceedings of the 27th International Conference on Enterprise Information Systems - (Volume 2)

ER -