Risk likelihood of planned and unplanned cyber-attacks in small business sectors: A cybersecurity concern

Abstract

Human factors such as planned and unplanned cyber-attacks are a serious threat to any institution. The presence of planned and unplanned actions exposes the state of cybersecurity within the small business sector – leaving them vulnerable to a range of cyber-risks. This study used the AgenaRisk package with Bayesian Network (BN) tools to illustrate the likelihood of risk in planned and unplanned attacks. Adopting the package demonstrates the dependent and independent variables of the human factors, which are planned and unplanned, with their relationships resulting in the ultimate data breach. The work also combined qualitative research with quantitative risk analysis techniques to determine the risk likelihood of planned activities and unplanned employee actions and their behaviors influencing data breaches. The work used the judgemental sampling method to select twenty-five (25) research participants who are business owners and Information Technology (IT) managers. An online survey was used to collect data from the selected research participants. Results were analysed using content analysis and interpreted using the package with BN tools, and risk analysis techniques. The results were further discussed, and the study concluded with remarks and future developments.