One size does not fit all: exploring the cybersecurity perspectives and engagement preferences of UK-Based small businesses

Abstract

This study examines the cybersecurity needs of UK-based Small and Medium-sized Enterprises (SMEs) via thematic interviews grounded in the Health Belief Model with ten Digitally Dependent SMEs (those who depend on ICT), ten Digitally Based SMEs (those who rely heavily on ICT), and ten Digital Enablers (cybersecurity providers). Previous research highlights SMEs’ tendency to underestimate cyber threats, presuming security by obscurity. Our study extends this understanding, revealing SMEs’ misjudgment regarding vulnerability to opportunistic attacks due to misunderstanding hackers’ indiscriminate methods. Additional findings include SMEs favoring technical solutions over training and policies relying on existing networks and IT suppliers for cybersecurity support. However, c Improving SMEs’ engagement with existing cybersecurity advice by enhancing its accessibility is a key area for improvement.