Design and evaluation of a self-paced cybersecurity tool
Information and Computer Security
ISSN: 2056-4961
Article publication date: 26 April 2023
Issue publication date: 19 May 2023
Abstract
Purpose
This paper aims to present the evaluation of a self-paced tool, CyberSecurity Coach (CYSEC), and discuss the adoption of CYSEC for cybersecurity capability improvement in small- and medium-sized enterprises (SMEs). Cybersecurity is increasingly a concern for SMEs. Previous literature has explored the role of tools for awareness raising. However, few studies validated the effectiveness and usefulness of cybersecurity tools for SMEs in real-world practices.
Design/methodology/approach
This study is built on a qualitative approach to investigating how CYSEC is used in SMEs to support awareness raising and capability improvement. CYSEC was placed in operation in 12 SMEs. This study first conducted a survey study and then nine structured interviews with chief executive officers (CEOs) and chief information security officers (CISO).
Findings
The results emphasise that SMEs are heterogeneous. Thus, one cybersecurity solution may not suit all SMEs. The findings specify that the tool’s adoption varied quite widely. Four factors are primary determinants influencing the adoption of CYSEC: personalisation features, CEOs’ or CISOs’ awareness level, CEOs’ or CISOs’ cybersecurity and IT knowledge and skill and connection to cybersecurity expertise.
Originality/value
This empirical study provides new insights into how a self-paced tool has been used in SMEs. This study advances the understanding of cybersecurity activities in SMEs by studying the adoption of CYSEC. Moreover, this study proposes significant dimensions for future research.
Keywords
Acknowledgements
This work has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreements No. 740787 (SMESEC), No. 883588 (GEIGER), and the Swiss State Secretariat for Education, Research and Innovation (SERI) under contract number 17.00067. The opinions expressed and arguments employed herein do not necessarily reflect the official views of these funding bodies.
Citation
Shojaifar, A. and Fricker, S.A. (2023), "Design and evaluation of a self-paced cybersecurity tool", Information and Computer Security, Vol. 31 No. 2, pp. 244-262. https://doi.org/10.1108/ICS-09-2021-0145
Publisher
:Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited