How to evaluate the cyber risk of SMEs? An Academia strategy to create competitive advantages (#639)

Authors

Rojas-Segura, Javier

Martinez-Villavicencio, Jose

Faith-Vargas, Margie

Arce, Susan

Arroyo-Herrera, Mauricio

Mateu, Guillermo

Rodriguez Bravo, Cesar

Abstract

Cyber risk refers to the risks arising from the use of information and communication technologies (ICT), whether by individuals or organizations. Literature highlights a gap between exposure, perception, and preparedness of small and medium-sized enterprises (SMEs) in mitigating cyber risk. This situation is exacerbated by a shortage of qualified personnel in cybersecurity, placing SMEs in a vulnerable position against cyber attacks. However, developing an active and resilient posture enables them to effectively manage these risks, fostering not only growth but also innovation, leading to more valuable organizations. Therefore, the objective of this research is to propose a methodology to enable the development of an instrument to evaluate cyber risk in SMEs. Additionally, it aims to design a strategy for transferring knowledge from Academia to SMEs to mitigate the risk of cyber attacks, allowing them to gain a competitive advantage. This topic is relevant because through a comprehensive methodology, risks can be identified, and recommendations can be suggested, enabling SMEs to create a plan to prioritize and implement the most appropriate improvements for each case.