Staffordshire University logo
STORE - Staffordshire Online Repository

Defining a new composite cybersecurity rating scheme for SMEs in the U.K.

Rae, Andrew and PATEL, Asma (2019) Defining a new composite cybersecurity rating scheme for SMEs in the U.K. In: Information Security Practice and Experience: 15th International Conference, ISPEC 2019, Kuala Lumpur, Malaysia, November 26–28, 2019, Proceedings. Security and Cryptology (11879). Springer. ISBN 978-3-030-34338-5 (In Press)

[img] Text
ISPEC19V3Comments.pdf - AUTHOR'S ACCEPTED Version (default)
Restricted to Repository staff only until 28 December 2020.
Available under License All Rights Reserved.

Download (444kB) | Request a copy

Abstract or description

The 5.7 million small to medium enterprises (SMEs) in the U.K. play a vital role in the national economy, contributing 51% of the private sector. However, the cyber threats for SMEs are increasing with four in ten of businesses experiencing a cyber attack in the last twelve months. One significant treatment of this growing concern is in the implementation of long-established information security standards and best practices. Yet, most SMEs are not undergoing the certification process, even though the current threats are now widely published by the government. In this paper, we look at the disconnect of cyber threats faced by SMEs considering their current security postures and perceptions. We also identify the influencing factors needed to improve security behaviours and engagements with information security best-practices. We then propose a new foundational composite cybersecurity rating scheme aimed at SMEs. The focus of our scheme is to ascertain and measure the security behaviours, perceptions and risk propensity of each SME, as well as their technical systems. To that end, we define our 5x5 matrices based scheme by combining the measurements ascertained from the behavioural as well as technical audits. The preliminary evaluation results demonstrate that this approach provides a higher level of insight, engagement and accuracy as to an SME's individual security posture.

Item Type: Book Chapter, Section or Conference Proceeding
Additional Information: Presented at the 15th International Conference, ISPEC 2019, Kuala Lumpur, Malaysia, November 26–28, 2019
Faculty: School of Computing and Digital Technologies > Computing
Depositing User: Asma PATEL
Date Deposited: 22 Oct 2019 12:45
Last Modified: 22 Oct 2019 12:45
URI: http://eprints.staffs.ac.uk/id/eprint/5922

Actions (login required)

View Item View Item

DisabledGo Staffordshire University is a recognised   Investor in People. Sustain Staffs
Legal | Freedom of Information | Site Map | Job Vacancies
Staffordshire University, College Road, Stoke-on-Trent, Staffordshire ST4 2DE t: +44 (0)1782 294000