Human and organisational factors influencing the preparedness of small and medium-sized enterprises against cyber-attacks in developing countries
Main Article Content
Keywords
Cyber Attack, Computer Intrusion, Cybersecurity, Security Challenges, Human Talent
Abstract
Small and medium-sized enterprises (SMEs) are particularly susceptible to cyber-attacks, which can have considerable ramifications for both the organisation and the global economy. These include, for example, phishing, ransomware, denial-of-service attacks, malware and Trojans. Notwithstanding the latent nature of the problem, there remains a research gap in the study of cyber-attacks among organisations. The objective of this research is to examine the factors that influence the occurrence of cyber-attacks on SMEs in a developing country. To this end, a quantitative study was conducted. A total of 112 surveys were collected and analysed using SmartPLS 4 software, with the aid of a Partial Least Squares PLS-SEM proposed and developed. The findings indicate that a significant proportion of SMEs, 33%, have experienced a cyber-attack. Furthermore, the study identified the two most significant factors influencing cyber-attacks on SMEs: human talent and resources. Furthermore, the study emphasised the importance of cyber awareness, supplier relationships and organisational cybersecurity preparedness. These findings have practical implications for small and medium-sized enterprises (SMEs), the education sector, and the closing of the research gap concerning cyber-attacks in these organisations. This study makes a contribution to existing knowledge about the information security challenges faced by small businesses in emerging economies.
References
Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2): 179-211. https://doi.org/10.1016/0749-5978(91)90020-T
Alarifi, S. H. (2023a). Small and Medium Businesses Readiness towards cyber attacks in Saudi Arabia. Global Economics Review, VIII, 113–126. https://doi.org/10.31703/ger.2023(VIII-I).11
Alarifi, S. H. (2023b). Small and Medium Businesses Readiness towards cyber attacks in Saudi Arabia. Global Economics Review, VIII(I), 113–126. https://doi.org/10.31703/ger.2023(VIII-I).11
Alharbi, F., Alsulami, M., AL-Solami, A., Al-Otaibi, Y., Al-Osimi, M., Al-Qanor, F., & Al-Otaibi, K. (2021). The Impact of Cybersecurity Practices on cyber attack Damage: The Perspective of Small Enterprises in Saudi Arabia. Sensors, 21, 6901. https://doi.org/10.3390/s21206901
Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). WITHDRAWN: Best ways computation intelligent of face cyber attacks. https://doi.org/10.1016/j.matpr.2021.02.557
Alohali, M. A., Al-Wesabi, F. N., Hilal, A. M., Goel, S., Gupta, D., & Khanna, A. (2022). Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment. Cognitive Neurodynamics, 16(5), 1045–1057. https://doi.org/10.1007/S11571-022-09780-8/METRICS
Amora, J. T. (2021). Convergent validity assessment in PLS-SEM: A loadings-driven approach. Data Analysis Perspectives Journal, 2, 1–6.
Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decis Support Syst, 147, 113580. https://doi.org/10.1016/j.dss.2021.113580
Aschwanden, R., Messner, C., Höchli, B., & Holenweger, G. (2024). Employee behavior: the psychological gateway for cyber attacks. Organizational Cybersecurity Journal: Practice, Process and People, 4, 32–50. https://doi.org/10.1108/OCJ-02-2023-0004
Asis, E. H. R., Maguiña, M. R. E., infantes, S. M. E., & Toro, M. E. N. (2020). Inteligencia emocional, competencias y desempeño del docente universitario: Aplicando la técnica mínimos cuadrados parciales SEM-PLS. Revista Electrónica Interuniversitaria de Formación Del Profesorado, 23, 99–114. https://doi.org/10.6018/reifop.428261
Aslan, Ö., Aktuğ, S. S., Ozkan-Okay, M., Yilmaz, A. A., & Akin, E. (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Electronics (Basel, 12. https://doi.org/10.3390/electronics12061333
Bagozzi, R. P., & Heatherton, T. F. (1994). A general approach to representing multifaceted personality constructs: Application to state self‐esteem. Struct Equ Modeling, 1, 35–67. https://doi.org/10.1080/10705519409539961
Baker, M. (2016). Striving for effective cyber workforce development.
Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17(1), 99–120. https://doi.org/10.1177/014920639101700108
Becker, J.-M., Cheah, J.-H., Gholamzade, R., Ringle, C. M., & Sarstedt, M. (2023). PLS-SEM’s most wanted guidance. International Journal of Contemporary Hospitality Management, 35, 321–346. https://doi.org/10.1108/IJCHM-04-2022-0474
Bhatti, B. M., Mubarak, S., & Nagalingam, S. (2021). Information security implications of using NLP in IT outsourcing: a Diffusion of Innovation theory perspective. Automated Software Engineering, 28, 12. https://doi.org/10.1007/s10515-021-00286-x
Blanco Esteban, L. F. (2022). Bailando con lobos: la estrategia de ciberseguridad en la organización. RUIDERAe: Revista de Unidades de Información, 19, 1–9.
Cano, J. J. (2022). La cadena de suministro digital. Revista Sistemas, 164, 53–63. https://doi.org/10.29236/sistemas.n164a6
Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills. Information & Computer Security, 27, 101–121. https://doi.org/10.1108/ICS-11-2016-0088
Chang, L. Y. C., & Coppel, N. (2020a). Building cyber security awareness in a developing country: Lessons from Myanmar. Comput Secur, 97, 101959. https://doi.org/10.1016/j.cose.2020.101959
Chang, L. Y. C., & Coppel, N. (2020b). Building cyber security awareness in a developing country: Lessons from Myanmar. Computers & Security, 97, 101959. https://doi.org/10.1016/j.cose.2020.101959
Chaudhary, S., Gkioulos, V., & Katsikas, S. (2023). A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises. Comput Sci Rev, 50, 100592. https://doi.org/10.1016/j.cosrev.2023.100592
Chen, J.-K., Lin, Y.-H., & Chang, C.-H. (2021). Cyber security training and awareness for small and medium enterprises. In 2021 IEEE International Conference on Consumer Electronics-Taiwan (GCCE) (pp. 1–2). IEEE. https://doi.org/10.1109/GCCE53005.2021.9621945
Cheung, G. W., & Wang, C. (2017). Current Approaches for Assessing Convergent and Discriminant Validity with SEM: Issues and Solutions. Academy of Management Proceedings 2017, 12706. https://doi.org/10.5465/AMBPP.2017.12706abstract
Chidukwani, A., Zander, S., & Koutsakis, P. (2022). A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations. IEEE Access, 10, 85701–85719. https://doi.org/10.1109/ACCESS.2022.3197899
Chidukwani, A., Zander, S., & Koutsakis, P. (2024). Cybersecurity preparedness of small-to-medium businesses: A Western Australia study with broader implications. Comput Secur, 145. https://doi.org/10.1016/j.cose.2024.104026
Chikwendu, S. C., & Oli, N. P. (2023). Human Factors influencing Compliance to Cyber Security Practices by Employees of Public Universities in Southeast Nigeria. International Journal of Information Security, Privacy and Digital Forensics, 7, 1–10.
Development Bank of Latin American and The Caribbean. (2023). Supporting SMEs
for more productive countries. https://www.caf.com/media/4663668/impacto-caf-support-to-smes-full-report.pdf?utm_source=chatgpt.com
De Jesús Zambrano Miranda, M., De la Cruz Almanza, S. A., Villamizar, J. A. P., Uribe, S. M. B., & Arias, I. C. R. (2025). Informalidad empresarial en micronegocios de colombia: evidencia desde cúcuta y su área metropolitana. Semestre Económico, 28(65), 1-24. https://doi.org/10.22395/seec.v28n65a5054
Deutrom, J., Katos, V., & Ali, R. (2022). Loneliness, life satisfaction, problematic internet use and security behaviours: re-examining the relationships when working from home during COVID-19. Behaviour & Information Technology, 41(14), 3161–3175. https://doi.org/10.1080/0144929X.2021.1973107
Díaz-Piraquive, F. N., De Jesús Muriel-Perea, Y., & González-Crespo, R. (2023). Cybersecurity Management in Micro, Small, and Medium Enterprises in Colombia. En Communications in computer and information science (pp. 74-85). https://doi.org/10.1007/978-3-031-34045-1_8
dos Santos, P. M., & Cirillo, M. Â. (2023). Construction of the average variance extracted index for construct validation in structural equation models with adaptive regressions. Communications in Statistics: Simulation and Computation, 52(4), 1639–1650. https://doi.org/10.1080/03610918.2021.1888122
Fadilah, A. N., & Putranto, N. A. R. (2023). Influence of Employer Branding Dimensions on Generation Z Women’s Intention to Apply For a Job with Person-Organization Fit as Mediating Variable. Journal Integration of Social Studies and Business Development, 1, 91–101. https://doi.org/10.58229/jissbd.v1i2.110
Fey, C. F., Hu, T., & Delios, A. (2023). The Measurement and Communication of Effect Sizes in Management Research. Management and Organization Review, 19, 176–197.
Fonseca-Herrera, O. A., Rojas, A. E., & Florez, H. (2021). A Model of an Information Security Management System Based on NTC-ISO/IEC 27001 Standard. IAENG Int J Comput Sci, 48, 1–10.
George, A. S., Baskar, T., & Srikaanth, B. (2024). Cyber Threats to Critical Infrastructure: Assessing Vulnerabilities Across Key Sectors. Partners Universal International Innovation Journal(PUIIJ, 2, 51–75.
Hair, J. F., Risher, J. J., Sarstedt, M., & Ringle, C. M. (2019). When to use and how to report the results of PLS-SEM. European Business Review, 31, 2–24. https://doi.org/10.1108/EBR-11-2018-0203
Hair, J., Hollingsworth, C. L., Randolph, A. B., & Chong, A. Y. L. (2017). An updated and expanded assessment of PLS-SEM in information systems research. Industrial Management & Data Systems, 117, 442–458. https://doi.org/10.1108/IMDS-04-2016-0130
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58. https://doi.org/10.1016/j.jisa.2020.102726
Hasani, T., O’Reilly, N., Dehghantanha, A., Rezania, D., & Levallet, N. (2023). Evaluating the adoption of cybersecurity and its influence on organizational performance. SN Business & Economics, 3, 97. https://doi.org/10.1007/s43546-023-00477-6
Heidt, M., Gerlach, J. P., & Buxmann, P. (2019). Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments. Information Systems Frontiers, 21, 1285–1305. https://doi.org/10.1007/s10796-019-09959-1
Ho, S. M., & Gross, M. (2021). Consciousness of cyber defense: A collective activity system for developing organizational cyber awareness. Comput Secur, 108, 102357. https://doi.org/10.1016/j.cose.2021.102357
Huang, C.-H. (2021). Using PLS-SEM Model to Explore the Influencing Factors of Learning Satisfaction in Blended Learning. Educ Sci (Basel, 11, 249. https://doi.org/10.3390/educsci11050249
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95. https://doi.org/10.1016/j.cose.2011.07.007
Kabanda, S., Tanner, M., & Kent, C. (2018). Exploring SME cybersecurity practices in developing countries. Journal of Organizational Computing and Electronic Commerce, 28, 269–282. https://doi.org/10.1080/10919392.2018.1484598
Kaur, H., Gupta, M., & Singh, S. P. (2024). Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains. Int J Prod Econ, 275, 109338. https://doi.org/10.1016/j.ijpe.2024.109338
Kemper, G. (2019). Improving employees’ cyber security awareness. Computer Fraud & Security, 11–14. https://doi.org/10.1016/S1361-3723(19)30085-5
Klein, G., & Zwilling, M. (2024). The Weakest Link: Employee Cyber-Defense Behaviors While Working from Home. Journal of Computer Information Systems, 64, 408–422. https://doi.org/10.1080/08874417.2023.2221200
Lee, L., Petter, S., Fayard, D., & Robinson, S. (2011). On the use of partial least squares path modeling in accounting research. International Journal of Accounting Information Systems, 12, 305–328. https://doi.org/10.1016/j.accinf.2011.05.002
Lis, P., & Mendel, J. (2019). cyber attacks on Critical Infrastructure: an Economic Perspective. Economics and Business Review, 5, 24–47. https://doi.org/10.18559/ebr.2019.2.2
Meduri, Y., & Prasad, S. C. (2018). Designing the Strategies for Preparing Talent for Change: A Special Focus on Automation, Digital Security and Demographics. Gavesana Journal of Management, 10, 94–108.
Mohamad, A., Rizal, A. M., Kamarudin, S., & Sahimi, M. (2022). Exploring the Co-Creation of Small and Medium Enterprises, and Service Providers Enabled by Digital Interactive Platforms for Internationalization: A Case Study in Malaysia. Sustainability, 14, 16119. https://doi.org/10.3390/su142316119
Morgan S. (2023). Cybercrime To Cost The World 10.5 Trillion Annually By 2025, Special Report: Cyberwarfare In The C-Suite. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
Nagahawatta, R., Lokuge, S., Warren, M., & Salzman, S. (2021). Cybersecurity Issues and Practices in a Cloud Context: A Comparison Amongst Micro. Small and Medium Enterprises.
Ncubukezi, T., Mwansa, L., & Rocaries, F. (2020). A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST), IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339
Nsoh, J. (2021). Exploring the Strategies Cybersecurity Managers Need to Bolster Industry 4.0 from cyber attacks. Doctoral dissertation, Colorado Technical University.
Nyarko, D. A., & Fong, R. C. (2023). Cyber Security Compliance Among Remote Workers. In H. Jahankhani (Ed.), Cybersecurity in the Age of Smart Societies. Advanced Sciences and Technologies for Security Applications (pp. 343–369). Springer. https://doi.org/10.1007/978-3-031-20160-8_18
Ospina, M., y Sanabria, P. (2020). Desafíos nacionales frente a la ciberseguridad en el escenario global: un análisis para Colombia. Revista Criminalidad, 62(2), 199-217. https://doi.org/10.47741/17943108.168
Parker, A., & Brown, I. (2019). Skills Requirements for Cyber Security Professionals: A Content Analysis of Job Descriptions in South Africa. In H. Venter, M. Loock, M. Coetzee, M. Eloff, & J. Eloff (Eds.), Information Security. ISSA 2018. Communications in Computer and Information Science (pp. 176–192). Springer. https://doi.org/10.1007/978-3-030-11407-7_13
Poehlmann, N., Caramancion, K. M., Tatar, I., Li, Y., Barati, M., & Merz, T. (2021a). The Organizational Cybersecurity Success Factors: An Exhaustive Literature Review. In K. Daimi, H. R. Arabnia, L. Deligiannidis, M. S. Hwang, & F. G. Tinetti (Eds.), Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence (pp. 377–395). https://doi.org/10.1007/978-3-030-71017-0_27
Poehlmann, N., Caramancion, K. M., Tatar, I., Li, Y., Barati, M., & Merz, T. (2021b). The Organizational Cybersecurity Success Factors: An Exhaustive Literature Review. In K. Daimi, H. R. Arabnia, L. Deligiannidis, M. S. Hwang, & F. G. Tinetti (Eds.), Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence (pp. 377–395). https://doi.org/10.1007/978-3-030-71017-0_27
Polkowski, Z., & Dysarz, J. (2017). It security management in Small and Medium Enterprises. Scientific Bulletin – Economic Sciences, 16, 134–148.
Purwanto, A., & Sudargini, Y. (2021). Partial Least Squares Structural Squation Modeling (PLS-SEM) Analysis for Social and Management Research : A Literature Review. Journal of Industrial Engineering & Management Research, 2, 114–123.
Pyke, A., Rovira, E., Murray, S., Pritts, J., Carp, C. L., & Thomson, T. (2021). Predicting individual differences to cyber attacks: Knowledge, arousal, emotional and trust responses. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, 15, 9. https://doi.org/10.5817/CP2021-4-9
Quader, F., & Janeja, V. P. (2021a). Insights into Organizational Security Readiness: Lessons Learned from cyber attack Case Studies. Journal of Cybersecurity and Privacy, 1, 638–659. https://doi.org/10.3390/jcp1040032
Quader, F., & Janeja, V. P. (2021b). Insights into Organizational Security Readiness: Lessons Learned from cyber attack Case Studies. Journal of Cybersecurity and Privacy, 1(4), 638–659. https://doi.org/10.3390/jcp1040032
Ramayah, T., Ling, N. S., Taghizadeh, S. K., & Rahman, S. A. (2016). Factors influencing SMEs website continuance intention in Malaysia. Telematics and Informatics, 33, 150–164. https://doi.org/10.1016/j.tele.2015.06.007
Realpe, M. E., & Cano, J. (2020). Amenazas Cibernéticas a la Seguridad y Defensa Nacional. Reflexiones y perspectivas en Colombia. In R. A. Méndez Romero, J. Cano, J. Ramió Aguirre, & L. E. Sánchez Crespo (Eds.), Seguridad Informática: X Congreso Iberoamericano, CIBSI 2020.
Renaud, K., & Ophoff, J. (2021). A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs. Organizational Cybersecurity Journal: Practice, Process and People, 1, 24–46. https://doi.org/10.1108/OCJ-03-2021-0004
Rezaei, R., Safa, L., & Ganjkhanloo, M. M. (2020). Understanding farmers’ ecological conservation behavior regarding the use of integrated pest management- an application of the technology acceptance model. Glob Ecol Conserv, 22, 941. https://doi.org/10.1016/j.gecco.2020.e00941
Rogers, E. M. (2003). Diffusion of Innovations (5th ed.). Free Press.
Rožman, M., Tominc, P., & Milfelner, B. (2020). A Comparative Study Using Two SEM Techniques on Different Samples Sizes for Determining Factors of Older Employee’s Motivation and Satisfaction. Sustainability, 12, 2189. https://doi.org/10.3390/su12062189
Sánchez, D. A. G., Duran, D. E. S., Valencia, L. E. P., Jaimes, A. E. V., González, I. A. D., & Alegría, F., Alonso Vidal. (2023). Modelo de madurez de cultura organizacional de ciberseguridad para el sector financiero basado en buenas prácticas. Revista Ibérica De Sistemas e Tecnologias De Informação, 362-375.
Sánchez, M. A., & Batista, M. (2023). Business continuity for times of vulnerability: Empirical evidence. Journal of Contingencies and Crisis Management, 31, 431–440. https://doi.org/10.1111/1468-5973.12449
Saz Dones, M. (2022). Ciclo de Vida de un Ciberataque: Ataque y Defensa. Universidad de Alcalá.
Schlette, D., Caselli, M., & Pernul, G. (2021). A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective. IEEE Communications Surveys and Tutorials, 23(4), 2525–2556. https://doi.org/10.1109/COMST.2021.3117338
Sharma, P., Dash, B., & Ansari, M. F. (2022). Anti-Phishing Techniques – A Review of Cyber Defense Mechanisms. IJARCCE, 11(7). https://doi.org/10.17148/ijarcce.2022.11728
Tam, T., Rao, A., & Hall, J. (2021a). The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. Computers & Security, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Tam, T., Rao, A., & Hall, J. (2021b). The good, the bad and the missing: A Narrative review of cyber-security implications for australian small businesses. Comput Secur, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Thakur, M. (2024). Cyber Security Threats and Countermeasures in Digital Age. Journal of Applied Science and Education (JASE, 4, 1–20. https://doi.org/10.54060/a2zjournals.jase.42
Tobi, H., & Kampen, J. K. (2018). Research design: the methodology for interdisciplinary research framework. Qual Quant, 52, 1209–1225. https://doi.org/10.1007/s11135-017-0513-8
Wernerfelt, B. (1984). A resource-based view of the firm. Strategic Management Journal, 5(2), 171–180. https://doi.org/10.1002/smj.4250050207
Wilson, M., McDonald, S., Button, D., & McGarry, K. (2023). It Won’t Happen to Me: Surveying SME Attitudes to Cyber-security. Journal of Computer Information Systems, 63, 397–409. https://doi.org/10.1080/08874417.2022.2067791
Wolden, M., Valverde, R., & Talla, M. (2015). The effectiveness of COBIT 5 information security framework for reducing cyber attacks on supply chain management system. IFAC-PapersOnLine, 48(3), 1846–1852. https://doi.org/10.1016/j.ifacol.2015.06.355
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022a). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. Int J Inf Manage, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022b). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
Yadav, S. K., Sharma, K., Kumar, C., & Arora, A. (2022). Blockchain-based synergistic solution to current cybersecurity frameworks. Multimedia Tools and Applications, 81(25), 36623–36644. https://doi.org/10.1007/S11042-021-11465-Z/METRICS
Yudhiyati, R., Putritama, A., & Rahmawati, D. (2021). What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society, 19, 446–462. https://doi.org/10.1108/JICES-03-2021-0035
Zografopoulos, I., Ospina, J., Liu, X., & Konstantinou, C. (2021). Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies. IEEE Access, 9, 29775–29818. https://doi.org/10.1109/ACCESS.2021.3058403
Alarifi, S. H. (2023a). Small and Medium Businesses Readiness towards cyber attacks in Saudi Arabia. Global Economics Review, VIII, 113–126. https://doi.org/10.31703/ger.2023(VIII-I).11
Alarifi, S. H. (2023b). Small and Medium Businesses Readiness towards cyber attacks in Saudi Arabia. Global Economics Review, VIII(I), 113–126. https://doi.org/10.31703/ger.2023(VIII-I).11
Alharbi, F., Alsulami, M., AL-Solami, A., Al-Otaibi, Y., Al-Osimi, M., Al-Qanor, F., & Al-Otaibi, K. (2021). The Impact of Cybersecurity Practices on cyber attack Damage: The Perspective of Small Enterprises in Saudi Arabia. Sensors, 21, 6901. https://doi.org/10.3390/s21206901
Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). WITHDRAWN: Best ways computation intelligent of face cyber attacks. https://doi.org/10.1016/j.matpr.2021.02.557
Alohali, M. A., Al-Wesabi, F. N., Hilal, A. M., Goel, S., Gupta, D., & Khanna, A. (2022). Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment. Cognitive Neurodynamics, 16(5), 1045–1057. https://doi.org/10.1007/S11571-022-09780-8/METRICS
Amora, J. T. (2021). Convergent validity assessment in PLS-SEM: A loadings-driven approach. Data Analysis Perspectives Journal, 2, 1–6.
Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decis Support Syst, 147, 113580. https://doi.org/10.1016/j.dss.2021.113580
Aschwanden, R., Messner, C., Höchli, B., & Holenweger, G. (2024). Employee behavior: the psychological gateway for cyber attacks. Organizational Cybersecurity Journal: Practice, Process and People, 4, 32–50. https://doi.org/10.1108/OCJ-02-2023-0004
Asis, E. H. R., Maguiña, M. R. E., infantes, S. M. E., & Toro, M. E. N. (2020). Inteligencia emocional, competencias y desempeño del docente universitario: Aplicando la técnica mínimos cuadrados parciales SEM-PLS. Revista Electrónica Interuniversitaria de Formación Del Profesorado, 23, 99–114. https://doi.org/10.6018/reifop.428261
Aslan, Ö., Aktuğ, S. S., Ozkan-Okay, M., Yilmaz, A. A., & Akin, E. (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Electronics (Basel, 12. https://doi.org/10.3390/electronics12061333
Bagozzi, R. P., & Heatherton, T. F. (1994). A general approach to representing multifaceted personality constructs: Application to state self‐esteem. Struct Equ Modeling, 1, 35–67. https://doi.org/10.1080/10705519409539961
Baker, M. (2016). Striving for effective cyber workforce development.
Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17(1), 99–120. https://doi.org/10.1177/014920639101700108
Becker, J.-M., Cheah, J.-H., Gholamzade, R., Ringle, C. M., & Sarstedt, M. (2023). PLS-SEM’s most wanted guidance. International Journal of Contemporary Hospitality Management, 35, 321–346. https://doi.org/10.1108/IJCHM-04-2022-0474
Bhatti, B. M., Mubarak, S., & Nagalingam, S. (2021). Information security implications of using NLP in IT outsourcing: a Diffusion of Innovation theory perspective. Automated Software Engineering, 28, 12. https://doi.org/10.1007/s10515-021-00286-x
Blanco Esteban, L. F. (2022). Bailando con lobos: la estrategia de ciberseguridad en la organización. RUIDERAe: Revista de Unidades de Información, 19, 1–9.
Cano, J. J. (2022). La cadena de suministro digital. Revista Sistemas, 164, 53–63. https://doi.org/10.29236/sistemas.n164a6
Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills. Information & Computer Security, 27, 101–121. https://doi.org/10.1108/ICS-11-2016-0088
Chang, L. Y. C., & Coppel, N. (2020a). Building cyber security awareness in a developing country: Lessons from Myanmar. Comput Secur, 97, 101959. https://doi.org/10.1016/j.cose.2020.101959
Chang, L. Y. C., & Coppel, N. (2020b). Building cyber security awareness in a developing country: Lessons from Myanmar. Computers & Security, 97, 101959. https://doi.org/10.1016/j.cose.2020.101959
Chaudhary, S., Gkioulos, V., & Katsikas, S. (2023). A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises. Comput Sci Rev, 50, 100592. https://doi.org/10.1016/j.cosrev.2023.100592
Chen, J.-K., Lin, Y.-H., & Chang, C.-H. (2021). Cyber security training and awareness for small and medium enterprises. In 2021 IEEE International Conference on Consumer Electronics-Taiwan (GCCE) (pp. 1–2). IEEE. https://doi.org/10.1109/GCCE53005.2021.9621945
Cheung, G. W., & Wang, C. (2017). Current Approaches for Assessing Convergent and Discriminant Validity with SEM: Issues and Solutions. Academy of Management Proceedings 2017, 12706. https://doi.org/10.5465/AMBPP.2017.12706abstract
Chidukwani, A., Zander, S., & Koutsakis, P. (2022). A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations. IEEE Access, 10, 85701–85719. https://doi.org/10.1109/ACCESS.2022.3197899
Chidukwani, A., Zander, S., & Koutsakis, P. (2024). Cybersecurity preparedness of small-to-medium businesses: A Western Australia study with broader implications. Comput Secur, 145. https://doi.org/10.1016/j.cose.2024.104026
Chikwendu, S. C., & Oli, N. P. (2023). Human Factors influencing Compliance to Cyber Security Practices by Employees of Public Universities in Southeast Nigeria. International Journal of Information Security, Privacy and Digital Forensics, 7, 1–10.
Development Bank of Latin American and The Caribbean. (2023). Supporting SMEs
for more productive countries. https://www.caf.com/media/4663668/impacto-caf-support-to-smes-full-report.pdf?utm_source=chatgpt.com
De Jesús Zambrano Miranda, M., De la Cruz Almanza, S. A., Villamizar, J. A. P., Uribe, S. M. B., & Arias, I. C. R. (2025). Informalidad empresarial en micronegocios de colombia: evidencia desde cúcuta y su área metropolitana. Semestre Económico, 28(65), 1-24. https://doi.org/10.22395/seec.v28n65a5054
Deutrom, J., Katos, V., & Ali, R. (2022). Loneliness, life satisfaction, problematic internet use and security behaviours: re-examining the relationships when working from home during COVID-19. Behaviour & Information Technology, 41(14), 3161–3175. https://doi.org/10.1080/0144929X.2021.1973107
Díaz-Piraquive, F. N., De Jesús Muriel-Perea, Y., & González-Crespo, R. (2023). Cybersecurity Management in Micro, Small, and Medium Enterprises in Colombia. En Communications in computer and information science (pp. 74-85). https://doi.org/10.1007/978-3-031-34045-1_8
dos Santos, P. M., & Cirillo, M. Â. (2023). Construction of the average variance extracted index for construct validation in structural equation models with adaptive regressions. Communications in Statistics: Simulation and Computation, 52(4), 1639–1650. https://doi.org/10.1080/03610918.2021.1888122
Fadilah, A. N., & Putranto, N. A. R. (2023). Influence of Employer Branding Dimensions on Generation Z Women’s Intention to Apply For a Job with Person-Organization Fit as Mediating Variable. Journal Integration of Social Studies and Business Development, 1, 91–101. https://doi.org/10.58229/jissbd.v1i2.110
Fey, C. F., Hu, T., & Delios, A. (2023). The Measurement and Communication of Effect Sizes in Management Research. Management and Organization Review, 19, 176–197.
Fonseca-Herrera, O. A., Rojas, A. E., & Florez, H. (2021). A Model of an Information Security Management System Based on NTC-ISO/IEC 27001 Standard. IAENG Int J Comput Sci, 48, 1–10.
George, A. S., Baskar, T., & Srikaanth, B. (2024). Cyber Threats to Critical Infrastructure: Assessing Vulnerabilities Across Key Sectors. Partners Universal International Innovation Journal(PUIIJ, 2, 51–75.
Hair, J. F., Risher, J. J., Sarstedt, M., & Ringle, C. M. (2019). When to use and how to report the results of PLS-SEM. European Business Review, 31, 2–24. https://doi.org/10.1108/EBR-11-2018-0203
Hair, J., Hollingsworth, C. L., Randolph, A. B., & Chong, A. Y. L. (2017). An updated and expanded assessment of PLS-SEM in information systems research. Industrial Management & Data Systems, 117, 442–458. https://doi.org/10.1108/IMDS-04-2016-0130
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58. https://doi.org/10.1016/j.jisa.2020.102726
Hasani, T., O’Reilly, N., Dehghantanha, A., Rezania, D., & Levallet, N. (2023). Evaluating the adoption of cybersecurity and its influence on organizational performance. SN Business & Economics, 3, 97. https://doi.org/10.1007/s43546-023-00477-6
Heidt, M., Gerlach, J. P., & Buxmann, P. (2019). Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments. Information Systems Frontiers, 21, 1285–1305. https://doi.org/10.1007/s10796-019-09959-1
Ho, S. M., & Gross, M. (2021). Consciousness of cyber defense: A collective activity system for developing organizational cyber awareness. Comput Secur, 108, 102357. https://doi.org/10.1016/j.cose.2021.102357
Huang, C.-H. (2021). Using PLS-SEM Model to Explore the Influencing Factors of Learning Satisfaction in Blended Learning. Educ Sci (Basel, 11, 249. https://doi.org/10.3390/educsci11050249
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95. https://doi.org/10.1016/j.cose.2011.07.007
Kabanda, S., Tanner, M., & Kent, C. (2018). Exploring SME cybersecurity practices in developing countries. Journal of Organizational Computing and Electronic Commerce, 28, 269–282. https://doi.org/10.1080/10919392.2018.1484598
Kaur, H., Gupta, M., & Singh, S. P. (2024). Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains. Int J Prod Econ, 275, 109338. https://doi.org/10.1016/j.ijpe.2024.109338
Kemper, G. (2019). Improving employees’ cyber security awareness. Computer Fraud & Security, 11–14. https://doi.org/10.1016/S1361-3723(19)30085-5
Klein, G., & Zwilling, M. (2024). The Weakest Link: Employee Cyber-Defense Behaviors While Working from Home. Journal of Computer Information Systems, 64, 408–422. https://doi.org/10.1080/08874417.2023.2221200
Lee, L., Petter, S., Fayard, D., & Robinson, S. (2011). On the use of partial least squares path modeling in accounting research. International Journal of Accounting Information Systems, 12, 305–328. https://doi.org/10.1016/j.accinf.2011.05.002
Lis, P., & Mendel, J. (2019). cyber attacks on Critical Infrastructure: an Economic Perspective. Economics and Business Review, 5, 24–47. https://doi.org/10.18559/ebr.2019.2.2
Meduri, Y., & Prasad, S. C. (2018). Designing the Strategies for Preparing Talent for Change: A Special Focus on Automation, Digital Security and Demographics. Gavesana Journal of Management, 10, 94–108.
Mohamad, A., Rizal, A. M., Kamarudin, S., & Sahimi, M. (2022). Exploring the Co-Creation of Small and Medium Enterprises, and Service Providers Enabled by Digital Interactive Platforms for Internationalization: A Case Study in Malaysia. Sustainability, 14, 16119. https://doi.org/10.3390/su142316119
Morgan S. (2023). Cybercrime To Cost The World 10.5 Trillion Annually By 2025, Special Report: Cyberwarfare In The C-Suite. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
Nagahawatta, R., Lokuge, S., Warren, M., & Salzman, S. (2021). Cybersecurity Issues and Practices in a Cloud Context: A Comparison Amongst Micro. Small and Medium Enterprises.
Ncubukezi, T., Mwansa, L., & Rocaries, F. (2020). A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST), IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339
Nsoh, J. (2021). Exploring the Strategies Cybersecurity Managers Need to Bolster Industry 4.0 from cyber attacks. Doctoral dissertation, Colorado Technical University.
Nyarko, D. A., & Fong, R. C. (2023). Cyber Security Compliance Among Remote Workers. In H. Jahankhani (Ed.), Cybersecurity in the Age of Smart Societies. Advanced Sciences and Technologies for Security Applications (pp. 343–369). Springer. https://doi.org/10.1007/978-3-031-20160-8_18
Ospina, M., y Sanabria, P. (2020). Desafíos nacionales frente a la ciberseguridad en el escenario global: un análisis para Colombia. Revista Criminalidad, 62(2), 199-217. https://doi.org/10.47741/17943108.168
Parker, A., & Brown, I. (2019). Skills Requirements for Cyber Security Professionals: A Content Analysis of Job Descriptions in South Africa. In H. Venter, M. Loock, M. Coetzee, M. Eloff, & J. Eloff (Eds.), Information Security. ISSA 2018. Communications in Computer and Information Science (pp. 176–192). Springer. https://doi.org/10.1007/978-3-030-11407-7_13
Poehlmann, N., Caramancion, K. M., Tatar, I., Li, Y., Barati, M., & Merz, T. (2021a). The Organizational Cybersecurity Success Factors: An Exhaustive Literature Review. In K. Daimi, H. R. Arabnia, L. Deligiannidis, M. S. Hwang, & F. G. Tinetti (Eds.), Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence (pp. 377–395). https://doi.org/10.1007/978-3-030-71017-0_27
Poehlmann, N., Caramancion, K. M., Tatar, I., Li, Y., Barati, M., & Merz, T. (2021b). The Organizational Cybersecurity Success Factors: An Exhaustive Literature Review. In K. Daimi, H. R. Arabnia, L. Deligiannidis, M. S. Hwang, & F. G. Tinetti (Eds.), Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence (pp. 377–395). https://doi.org/10.1007/978-3-030-71017-0_27
Polkowski, Z., & Dysarz, J. (2017). It security management in Small and Medium Enterprises. Scientific Bulletin – Economic Sciences, 16, 134–148.
Purwanto, A., & Sudargini, Y. (2021). Partial Least Squares Structural Squation Modeling (PLS-SEM) Analysis for Social and Management Research : A Literature Review. Journal of Industrial Engineering & Management Research, 2, 114–123.
Pyke, A., Rovira, E., Murray, S., Pritts, J., Carp, C. L., & Thomson, T. (2021). Predicting individual differences to cyber attacks: Knowledge, arousal, emotional and trust responses. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, 15, 9. https://doi.org/10.5817/CP2021-4-9
Quader, F., & Janeja, V. P. (2021a). Insights into Organizational Security Readiness: Lessons Learned from cyber attack Case Studies. Journal of Cybersecurity and Privacy, 1, 638–659. https://doi.org/10.3390/jcp1040032
Quader, F., & Janeja, V. P. (2021b). Insights into Organizational Security Readiness: Lessons Learned from cyber attack Case Studies. Journal of Cybersecurity and Privacy, 1(4), 638–659. https://doi.org/10.3390/jcp1040032
Ramayah, T., Ling, N. S., Taghizadeh, S. K., & Rahman, S. A. (2016). Factors influencing SMEs website continuance intention in Malaysia. Telematics and Informatics, 33, 150–164. https://doi.org/10.1016/j.tele.2015.06.007
Realpe, M. E., & Cano, J. (2020). Amenazas Cibernéticas a la Seguridad y Defensa Nacional. Reflexiones y perspectivas en Colombia. In R. A. Méndez Romero, J. Cano, J. Ramió Aguirre, & L. E. Sánchez Crespo (Eds.), Seguridad Informática: X Congreso Iberoamericano, CIBSI 2020.
Renaud, K., & Ophoff, J. (2021). A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs. Organizational Cybersecurity Journal: Practice, Process and People, 1, 24–46. https://doi.org/10.1108/OCJ-03-2021-0004
Rezaei, R., Safa, L., & Ganjkhanloo, M. M. (2020). Understanding farmers’ ecological conservation behavior regarding the use of integrated pest management- an application of the technology acceptance model. Glob Ecol Conserv, 22, 941. https://doi.org/10.1016/j.gecco.2020.e00941
Rogers, E. M. (2003). Diffusion of Innovations (5th ed.). Free Press.
Rožman, M., Tominc, P., & Milfelner, B. (2020). A Comparative Study Using Two SEM Techniques on Different Samples Sizes for Determining Factors of Older Employee’s Motivation and Satisfaction. Sustainability, 12, 2189. https://doi.org/10.3390/su12062189
Sánchez, D. A. G., Duran, D. E. S., Valencia, L. E. P., Jaimes, A. E. V., González, I. A. D., & Alegría, F., Alonso Vidal. (2023). Modelo de madurez de cultura organizacional de ciberseguridad para el sector financiero basado en buenas prácticas. Revista Ibérica De Sistemas e Tecnologias De Informação, 362-375.
Sánchez, M. A., & Batista, M. (2023). Business continuity for times of vulnerability: Empirical evidence. Journal of Contingencies and Crisis Management, 31, 431–440. https://doi.org/10.1111/1468-5973.12449
Saz Dones, M. (2022). Ciclo de Vida de un Ciberataque: Ataque y Defensa. Universidad de Alcalá.
Schlette, D., Caselli, M., & Pernul, G. (2021). A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective. IEEE Communications Surveys and Tutorials, 23(4), 2525–2556. https://doi.org/10.1109/COMST.2021.3117338
Sharma, P., Dash, B., & Ansari, M. F. (2022). Anti-Phishing Techniques – A Review of Cyber Defense Mechanisms. IJARCCE, 11(7). https://doi.org/10.17148/ijarcce.2022.11728
Tam, T., Rao, A., & Hall, J. (2021a). The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. Computers & Security, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Tam, T., Rao, A., & Hall, J. (2021b). The good, the bad and the missing: A Narrative review of cyber-security implications for australian small businesses. Comput Secur, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Thakur, M. (2024). Cyber Security Threats and Countermeasures in Digital Age. Journal of Applied Science and Education (JASE, 4, 1–20. https://doi.org/10.54060/a2zjournals.jase.42
Tobi, H., & Kampen, J. K. (2018). Research design: the methodology for interdisciplinary research framework. Qual Quant, 52, 1209–1225. https://doi.org/10.1007/s11135-017-0513-8
Wernerfelt, B. (1984). A resource-based view of the firm. Strategic Management Journal, 5(2), 171–180. https://doi.org/10.1002/smj.4250050207
Wilson, M., McDonald, S., Button, D., & McGarry, K. (2023). It Won’t Happen to Me: Surveying SME Attitudes to Cyber-security. Journal of Computer Information Systems, 63, 397–409. https://doi.org/10.1080/08874417.2022.2067791
Wolden, M., Valverde, R., & Talla, M. (2015). The effectiveness of COBIT 5 information security framework for reducing cyber attacks on supply chain management system. IFAC-PapersOnLine, 48(3), 1846–1852. https://doi.org/10.1016/j.ifacol.2015.06.355
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022a). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. Int J Inf Manage, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022b). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
Yadav, S. K., Sharma, K., Kumar, C., & Arora, A. (2022). Blockchain-based synergistic solution to current cybersecurity frameworks. Multimedia Tools and Applications, 81(25), 36623–36644. https://doi.org/10.1007/S11042-021-11465-Z/METRICS
Yudhiyati, R., Putritama, A., & Rahmawati, D. (2021). What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society, 19, 446–462. https://doi.org/10.1108/JICES-03-2021-0035
Zografopoulos, I., Ospina, J., Liu, X., & Konstantinou, C. (2021). Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies. IEEE Access, 9, 29775–29818. https://doi.org/10.1109/ACCESS.2021.3058403
Article Sidebar
Published
2025-10-15
Article Details
How to Cite
Palacios-Moya, L., Bermeo-Giraldo, M. C., Arenas Lozano, J. A., Valencia-Arias, A., & Rodríguez-Correa, P. A. (2025). Human and organisational factors influencing the preparedness of small and medium-sized enterprises against cyber-attacks in developing countries. Journal of Telecommunications and the Digital Economy, 13(3), 30-70. https://doi.org/10.18080/jtde.v13n3.1197
Issue
Section
Digital Economy & Society
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright Telecommunications Association Inc.
How to Cite
Palacios-Moya, L., Bermeo-Giraldo, M. C., Arenas Lozano, J. A., Valencia-Arias, A., & Rodríguez-Correa, P. A. (2025). Human and organisational factors influencing the preparedness of small and medium-sized enterprises against cyber-attacks in developing countries. Journal of Telecommunications and the Digital Economy, 13(3), 30-70. https://doi.org/10.18080/jtde.v13n3.1197
