Research Project

The impact of cyber security on the adoption of new digital technologies in UK’s SMEs

Principal Investigators
Dr Marta F Arroyabe
Professor Juan Carlos Fernandez De Arroyabe
computer

Project overview

The Digital Security by Design (DSbD) Programme aims to radically update the digital infrastructure currently underpinning the global economy, making it secure against future threats. Discribe is one part of this wider initiative, with funding in place until 2024.

"Discribe is making a vital contribution to ensuring that the next generation of digital security technology is set up for success in our rapidly evolving digital world.”

Our project investigates the impact of cyber security on the decision-making process behind the adoption of new digital technologies in the UK small and medium enterprises (SMEs). Taking a strategic management perspective, our project considers that the decision to invest in new tools and technologies depends upon internal (firms’ capabilities in cyber security) and external factors (threats and attacks in the cyber environment). This project focuses on understanding (1) the impact of previous cyber security incidents on SMEs’ decision to invest in new digital technologies, and (2) the impact of SMEs’ current cyber security practices on the readiness to invest in new digital technologies. The project is expected to lead to several outputs: a policy guide targeted at policymakers, outlining our main results and recommendations, a good practice guide for the adoption of digital technologies in SMEs, targeted at managers and institutions, two peer-reviewed articles, an original dataset from a survey instrument.

Get in touch with us - dsbdsmes@essex.ac.uk

Learn more about the project

Background and relevance

  • The COVID-19 pandemic has accelerated the process of digitalisation with an increasing number of businesses relying on remote working and on the internet to sell products and to keep in contact with customers and suppliers.
  • Our project aligns with the UK’s government Digital Strategy and the DCMS’s Ten Tech Priorities, which seek to transform the UK into a world-leading digital economy. Digitalisation has been found to support businesses’ growth by increasing productivity and financial performance.
  • Our project focuses on SMEs, which are the backbone of the UK economy and which lag behind larger businesses in the adoption of all digital technologies (e.g. connectivity, cloud, big data, e-commerce, process digitalisation and automation, online presence and communication). In fact, the digital gap has been exacerbated with the COVID-19 crisis, with SMEs expected to reduce and large firms expected to increase their IT expenditures.
  • Compared to large firms, SMEs face substantial challenges in terms of the capability (e.g. knowledge and skills) and capacity (e.g. financial and time resources) to plan and implement their digital transformation, and in terms of cyber security. In particular, the risks and costs of cyber incidents, and the lack of cyber security strategies in SMEs make SMEs particularly vulnerable to cyber attacks. Cyber security is crucial for SMEs as cyber incidents are the number one technology threat to business, with a quarter of UK’s SMEs at risk of closing their businesses following a cyber attack.

Focus and goals

This project investigates the impact of cyber security on the decision-making process behind the adoption of new digital technologies in UK small and medium enterprises (SMEs) , contributing to the topic area of “Economics and Decision Making in Security” of the Discribe Hub+ commissioning call.

Despite the importance of SMEs, few studies have explored the role of cyber security (and its relative importance) in the decision-making process behind the adoption of new digital technologies in SMEs. Although existing studies offer valuable insights on firms’ digitalisation processes and on decisions around investment levels in cyber security, the empirical evidence is scant on the interrelation of these two, especially with regards to SMEs. Thus, this project proposes to investigate the impact of cyber security in SMEs’ decision-making process to adopt new digital technologies.

This project recognises the importance of understanding the nature of the management decision-process in digitalisation, and how decisions are contingent on previous and current cyber security experiences. Taking a strategic management perspective, our project assumes that firms’ decision-making processes reflect their previous experiences, their capabilities, and the influence of the external environment. In this context, our project considers that the decision to invest in new tools and technologies depends upon internal (firms’ capabilities in cyber security) and external factors (threats and attacks in the cyber environment). In particular, our project addresses two research questions, one relating to the internal factors and one relating to the external factors. For the internal factors, our research question (RQ1) is: how do SMEs’ current cyber security practices and strategies affect the readiness of firms to adopt and invest in new digital technologies?. For the external factors, our research question (RQ2) is: how does SMEs’ previous experience with cyber incidents both inside their own firm or in other firms in their industry environment affect the decision to adopt and invest in new digital technologies?

Project findings

Digitalization and Cybersecurity in SMEs: A Bibliometric Analysis

This paper presents a bibliometric analysis on the topics of digitalization and cybersecurity in small and medium-sized enterprises (SMEs) using the R tool Bibliometrix. The analysis includes a total of 417 papers. Firstly, our paper contributes to the academic field by identifying four distinct clusters that represent different research areas: Industry 4.0 and Smart Factory, Industry 4.0 and SMEs, SMEs and Cybersecurity, and Digitalization, SMEs, and Entrepreneurship. This classification helps to categorize the existing research and provides an overview of the main research directions in this field.

Secondly, our paper contributes to the existing literature by emphasizing the existing research gaps. One significant finding is that the digital transformation of SMEs entails increased vulnerability to cyberattacks, which can be a determining factor of their digitalization efforts and the future of their businesses. We have identified that this particular aspect has not been adequately addressed, as existing research focuses on these issues individually without establishing connections between them.

Looking ahead, we anticipate that cybersecurity in SMEs will be a particular case of cybersecurity in firms, separated from research on digitalization in SMEs, which addresses issues such as smart factories and Industry 4.0 objectives in these enterprises.

The Effect of IT Security Issues on the Implementation of Industry 4.0 in SMEs: Barriers or Challenges?

In this paper, we investigate the impact of IT security issues on the implementation of Industry 4.0 in small and medium-sized enterprises (SMEs) operating in the manufacturing sector. To address this question, we conducted an empirical study utilizing survey data from 3,184 SMEs gathered through the "Flash Eurobarometer No. 486" (European Union). We employed a machine-learning methodology in our analysis. Our study aims to contribute to the existing literature on the obstacles faced by SMEs in their digital transformation efforts by examining the role played by IT security issues in this process.

Firstly, our results demonstrate that IT security issues have a positive influence on the digitalization of SMEs, as they are perceived as challenges that impulse their transformation. Secondly, our study reveals variations in the levels of digitalisation among SMEs. We observed a broad spectrum of digital adoption, ranging from companies integrating complex digital technologies like robots, cloud computing, and smart devices to a group of companies that are in the early stages of developing Industry 4.0 capabilities. Lastly, our research highlights the heterogeneity in the impact of IT security issues, with a parallel relationship observed between the degree of digitalization and the importance placed on IT security.

Overall, our findings shed light on the significance of addressing IT security concerns in facilitating the successful implementation of Industry 4.0 in SMEs, and emphasize the varying degrees of digital maturity across different companies.

Exploring Cyber Security and Resilience in SMEs: A Regression and Machine Learning Analysis

This study aims to examine the management of cyber security in small and medium-sized enterprises (SMEs) and its impact on their resilience. While SMEs play a critical role in the economy, previous research has predominantly focused on cyber security management in large companies. In an effort to address the limited literature on cyber security management in SMEs, we conducted an empirical study based on a survey of 214 SMEs in the UK. Our approach involved a cause-effect analysis using the protection motivation theory (PMT) as a theoretical framework. This study provides both theoretical and methodological contributions, offering valuable insights for managers.

Firstly, our findings shed light on the insufficient attention given by SMEs to the management of cyber security. We identified cyber security incidents as the most significant driver of resilience, surpassing the importance of cyber security management itself. Additionally, our study expands the PMT theory by emphasizing the significance of considering the interplay between factors influencing cyber security management in SMEs.

Secondly, this study demonstrates the potential of statistical methods, particularly machine learning techniques, in discerning cause-effect relationships among the factors impacting cyber security in SMEs.

The effect of cyber security standards on the digitalization of SMEs: A Machine Learning and Systems Dynamics approach

This research paper aims to examine the impact of cybersecurity standards, specifically ISO and Cyber Essentials, on the digital transformation of small and medium enterprises (SMEs). The existing literature has not sufficiently addressed the interconnectedness of digitalization, cybersecurity, and standards, highlighting a significant research gap in this area.

To provide a theoretical framework for our study, we will employ the Technology Adoption Model (TAM). This model is particularly relevant as it considers the adoption of diverse digital technologies as a crucial aspect of SMEs' digital transformation.

Our research methodology involves adopting the system dynamics approach to analyse how these factors influence the process of digitalisation. Our study is based on a survey of 214 SMEs in the UK and utilizes a cause-effect analysis approach. Additionally, we will integrate machine-learning techniques (ML) with regression models to enhance the accuracy and depth of our findings.

Our research outcomes reveal two noteworthy findings. Firstly, the utilization of cybersecurity standards among SMEs is notably low, suggesting a potential area for improvement in their digital transformation efforts. Secondly, we identified a dynamic interplay among digitalization, cybersecurity systems, and standards, which collectively reinforce the positive impact on the digital transformation of SMEs.

These research findings offer valuable insights for both managers and policymakers involved in facilitating and promoting the digitalization process within SMEs. It is essential to leverage these insights to develop effective strategies and policies that foster successful digital transformation in this sector.

Past events and presentations

DSbD All hands event- 27 April 2023

An in-person event at De Vere Grand Connaught Rooms in London. The event featured updates from current projects, and had some networking opportunities. We also attended workshops aimed at supporting the impact and dissemination of our projects and engagement opportunities with the Government.

DSbD All hands event- 11 and 12 October 2022

An in-person event at the Grand Station (Wolverhampton). The event introduced new stakeholders, we heard updates from current projects, and had some networking opportunities. We also attended different workshops in the afternoon regarding the socio-technical aspects of Digital Security by Design.

Dr Marta F Arroyabe at the DSbD All hands event- 11th & 12th October 2022
Dr Marta F Arroyabe at the DSbD All hands event- 11th & 12th October 2022
Dr Marta F Arroyabe at the DSbD All hands event- 11th & 12th October 2022)
Dr Marta F Arroyabe at the DSbD All hands event- 11th & 12th October 2022

DSbD All hands event- 7 April 2022

In person event at the Institute of Directors (Pall Mall, London). The event consisted of a networking and poster sessions to update and introduce all the projects under the DSbD challenge. The event also held workshops to bring the DSbD community together, focusing on synergies and specific themes that run through DSbD.

Presentation at the Discribe event)
Presentation at the Discribe event
A person on a sofa using a laptop to browse online.
Get in touch
Discribe logo
UKRI ESRC logo