Worcester Research and Publications

SEARCH EPRINTS:

USER PANEL:

Registered Users - Log in using your University of Worcester ID and Password to submit items to the repository.

ABOUT THE COLLECTION:

WRaP is a collection of research papers and university publications. It presents the academic and creative work of the university. You are welcome to look for and obtain items of interest and make contact with the authors and creators.

CONTACT DETAILS:

All correspondence about WRaP should be sent to the Repository Manager.

What Business Environment Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Lists

Tools

Henson, Richard and Garfield, Joy (2015) What Business Environment Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security? In: 12th Annual International Conference on SMEs, Entrepreneurship and Innovation: Management –Marketing – Economic – Social Aspects, 27-30 July 2015, Athens, Greece. (Unpublished)

	Text H__USB 12 Oct 2014_RESEARCH PAPERS_2015_Henson paper Vfinal.docx - Submitted Version Restricted to Repository staff only Download (49kB) \| Request a copy
	Text H__USB%2012%20Oct%202014_RESEARCH%20PAPERS_2015_Henson%20paper%20Vfinal.pdf - Submitted Version Restricted to Repository staff only Download (145kB) \| Request a copy

Abstract

In the fourteen years since “Economics of Information Security” started as a discipline, many articles have been written about management of information security within organisations. Most of the articles have focused on public sector or larger private sector companies perhaps with an implicit assumption that the research findings would also apply to and influence SMEs. In practice, the truth is that SMEs have been largely unmoved, and not enough research has examined this reality.

In this paper, the author seeks to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and often just part of an overall tight IT budget. Spending on security therefore has to compete with demands for hardware, infrastructure, and strategic applications.

The author’s latest research scrutinises the typical SMEs reasoning choosing to see non-spending on security as an acceptable strategic risk. In terms of primary data-gathering, it looks particularly at possible reasons why SMEs tend not to take much notice of “scare stories” in the media which have consistently shown that SMEs are increasingly at risk as the information systems of larger businesses have taken greater precautions and become more difficult to penetrate.

The results and their analysis provide useful pointers towards the broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.

Item Type:	Conference or Workshop Item (Paper)
Uncontrolled Discrete Keywords:	SME, Information Risk Management, Information Assurance, ISMS, Information Security Management Systems, Data Protection Legislation, EU Data Breaches Legislation, Economics of Information Security, Supply Chain, ISO27001, PCI-DSS, Cyber Essentials,
Subjects:	T Technology > T Technology (General)
Divisions:	College of Business, Psychology and Sport > Worcester Business School
Related URLs:	http://www.atiner.gr/sme.htm
Depositing User:	Joy Garfield
Date Deposited:	29 Sep 2015 07:16
Last Modified:	11 Jun 2024 14:27
URI:	https://worc-9.eprints-hosting.org/id/eprint/4002

Actions (login required)

View Item

© University of Worcester Henwick Grove, WR2 6AJ Tel: 01905 855000 | Materials in WRaP are protected by copyright and other intellectual property rights. By using WRaP you agree to abide by UK copyright laws.

Worcester Research and Publications is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.