Inventorying Cybersecurity Research on SMEs: a Systematic Review on What We Can Prove

Abstract

This paper aims to coallate available research on cybersecurity in small-to-medium enterprises (SMEs). While it is universally agreed that SMEs are largely underprepared and underequipped to deal with cybersecurity threats, it seems to be a fact that is taken for granted rather than empirically proven and explored. In order to fully examine this phenomenon, the author has conducted a systematic review on the available literature surrounding cybersecurity in SMEs to catalog the datapoints previous researchers have published and paint a detailed picture of what cybersecurity actually looks like for small-to-medium enterprises. The findings suggest that while the commonly accepted beliefs on SME cybersecurity are likely accurate, there is less evidence for this assertion and less depth to the examination than may be necessary. The gap between academia and business spheres is also a contributor to the knowledge gap as business-led surveys and case studies are often not made public. Additionally, the geographic concentration of these studies is unbalanced, resulting in large portions of the world's SME ecosystems unexamined.

Start Time

15-4-2026 3:30 PM

End Time

15-4-2026 4:30 PM

Room Number

219

Presentation Type

Oral Presentation

Presentation Subtype

UG Orals

Presentation Category

Science, Technology, and Engineering

Student Type

Undergraduate Student

Faculty Mentor

Brian Bennett

This document is currently not available here.

Share

COinS
 
Apr 15th, 3:30 PM Apr 15th, 4:30 PM

Inventorying Cybersecurity Research on SMEs: a Systematic Review on What We Can Prove

219

This paper aims to coallate available research on cybersecurity in small-to-medium enterprises (SMEs). While it is universally agreed that SMEs are largely underprepared and underequipped to deal with cybersecurity threats, it seems to be a fact that is taken for granted rather than empirically proven and explored. In order to fully examine this phenomenon, the author has conducted a systematic review on the available literature surrounding cybersecurity in SMEs to catalog the datapoints previous researchers have published and paint a detailed picture of what cybersecurity actually looks like for small-to-medium enterprises. The findings suggest that while the commonly accepted beliefs on SME cybersecurity are likely accurate, there is less evidence for this assertion and less depth to the examination than may be necessary. The gap between academia and business spheres is also a contributor to the knowledge gap as business-led surveys and case studies are often not made public. Additionally, the geographic concentration of these studies is unbalanced, resulting in large portions of the world's SME ecosystems unexamined.