Improving Cybersecurity Awareness Among SMEs in the Manufacturing Industry

Abstract

Small and medium-sized (SME) manufacturing enterprises have been described as a sector that traditionally has not been data-intensive, with low spending on IT and cybersecurity and employees with low cybersecurity awareness. SMEs have also been described as agile and under pressure to adopt new technology and embrace digitalization to gain a competitive advantage. Entering this data-intensive world also comes with new risks, making them extra vulnerable. Not much attention has been directed at how SMEs in the manufacturing sector are working with improving employees' cybersecurity awareness. Especially not where cybersecurity training programs are in focus. To investigate these aspects, we opted for a set of five SMEs in the manufacturing industry where it was possible to perform in-depth semi-structured interviews with chief information security officers' (CISO) and employees. The results show several interesting results, for example, regarding the view on contextualization of training material and the relevance of microlearning. The study also presents several practical implications, including recommendations for improving cybersecurity training measures for SMEs in the manufacturing sector.