Abstract
The small and medium enterprises (SMEs) sector is the backbone of the economy, a big employment creator, poverty reducer and the main engine for economic growth. SMEs rely heavily on technology to conduct their business but are constraint by lack of information security knowledge to protect themselves against cyber-attacks that may render their business an easy prey. This paper investigates factors that may influence SMEs in South Africa in the adoption of a security framework. These factors were applied in the development of an information security adoption framework for SMEs. The study collected qualitative data by means of interviews. ISO/IEC 27002 information security framework formed the theoretical basis for this study. Thematic analysis was employed for analysis of the collected data. The results indicate that close to 90% of SMEs do not have security policies or a risk management strategy. The study identified new, important themes critical in the development of an information security adoption framework for SMEs: ISM Best Practices and technical security architecture. The study contributes a conceptual framework that illustrates how the identified themes relate to concepts essential to information security adoption among SMEs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abor, J., Quartey, P.: Issues in SME development in Ghana and South Africa. Int. Res. J. Financ. Econ. 39(6), 215–228 (2010)
Alonso-Almeida, M.D.M., Bagur-Femenias, L., Llach, J., Perramon, J.: Sustainability in small tourist businesses: the link between initiatives and performance. Curr. Issue Tour. 21(1), 1–20 (2018)
Aman, A.H.M., Shaari, N., Ibrahim, R.: Internet of things energy system: Smart applications, technology advancement, and open issues. Int. J. Energy Res. 45(6), 8389–8419 (2021)
Amoah, J., Belas, J., Bélas, J., Dziwornu, R., Khan, K.A.: Enhancing SME contribution to economic development: a perspective from an emerging economy. J. Int. Stud. (2022)
Balozian, P., Leidner, D., Warkentin, M.: Managers’ and employees’ differing responses to security approaches. J. Comput. Inf. Syst. 59(3), 197–210 (2019)
Bakker, B.N., Lelkes, Y.: The structure, prevalence, and nature of mass belief systems. Cambridge Handb. Political Psychol. 89 (2022)
Bryson, J.M.: Strategic Planning for Public and Nonprofit Organizations: A Guide to Strengthening and Sustaining Organizational Achievement. Wiley, Hoboken (2018)
Chipunza, L.T., Naong, M.N.: Demographic variables as drivers of innovation in small accommodation businesses: a case of South Africa and Zimbabwe. Afr. J. Sci. Technol. Innov. Dev. 1–9 (2020)
Cooper, D.R., Schindler, P.S., Sun, J.: Business Research Methods, vol. 9, pp. 1–744. McgrawHill, New York (2006)
Da Veiga, A., Martins, N.: Improving the information security culture through monitoring and implementation actions illustrated through a case study. Comput. Secur. 49, 162–176 (2015)
Disterer, G.: ISO/IEC 27000, 27001 and 27002 for information security management (2013)
Fanta, A.B.: Complementarity between relationship lending and collateral in SME access to bank credit: evidence from Ethiopia. J. Afr. Bus. 17(3), 308–318 (2016)
Farrugia, L.: WASP (write a scientific paper): the ongoing process of ethical decision-making in qualitative research: Ethical principles and their application to the research process. Early Hum. Dev. 133, 48–51 (2019)
Felderer, M., Katt, B.: A process for mastering security evolution in the development lifecycle (2015)
Feng, N., Wang, M., Li, M., Li, D.: Effect of security investment strategy on the business value of managed security service providers. Electron. Commer. Res. Appl. 35, 100843 (2019)
Fink, A.: Conducting Research Literature Reviews: From the Internet to Paper. Sage Publications (2019)
Gbadeyan, A., Butakov, S., Aghili, S.: IT governance and risk mitigation approach for private cloud adoption: case study of provincial healthcare provider. Ann. Telecommun. 72(5–6), 347–357 (2017). https://doi.org/10.1007/s12243-017-0568-5
Hartmann, S.B., Nygaard, L.Q.V., Pedersen, S., Khalid, M.S.: The potentials of using cloud computing in schools: a systematic literature review. Turkish Online J. Educ. Technol. 16(1), 190–202 (2017)
Jahankhani, H., Meda, L.N.K., Samadi, M.: Cybersecurity challenges in small and medium enterprise (SMEs). In: Jahankhani, H., Kilpin, D.V., Kendzierskyj, S. (eds.) Blockchain and Other Emerging Technologies for Digital Business Strategies. ASTSA, pp. 1–19. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-98225-6_1
Jørgensen, K.: Integration of safety in management tasks in onshore transport SME’s. In: 8th International Conference on Working on Safety: Smart Prevention for Sustainable Safety, WOS 2015, pp. 50–62. Scientific Committee (2015)
Kaila, U., Nyman, L.: Information security best practices. Technol. Innov. Manag. Rev. (2018)
King, E.E.: Bring your own device security awareness and security behavior: a quantitative explanatory study. Doctoral dissertation, Capella University (2021)
Kotler, P., Burton, S., Deans, K., Brown, L., Armstrong, G.: Marketing. Pearson Higher Education (2015)
Lekhanya, L.M.: Public outlook on small and medium enterprises as a strategic tool for economic growth and job creation in South Africa. J. Gov. Regul. (2015)
Lekhanya, L.M., Olajumoke, N.G., Nirmala, D.: Exploring fast moving consumer goods (FMCG) Small, Medium, and Micro enterprises manufacturers’ need for innovation to achieve growth. Economics 8(2), 8–16 (2017)
Lenhard, T.H.: Configuration of security systems. In: Lenhard, T.H. (ed.) Data Security: Technical and Organizational Protection Measures against Data Loss and Computer Crime, pp. 87–92. Springer Fachmedien Wiesbaden, Wiesbaden (2022). https://doi.org/10.1007/978-3-658-35494-7_18
Littlejohn, S.W., Foss, K.A.: Theories of Human Communication, 9th edn. Thomson Higher Education, Belmont (2008)
Mambula, C.: Perceptions of SME growth constraints in Nigeria. J. Small Bus. Manag. 40(1), 58–65 (2002)
McIntosh, M. (ed.): Globalization and Corporate Citizenship: The Alternative Gaze: A Collection of Seminal Essays. Routledge (2017)
Menard, P., Bott, G.J., Crossler, R.E.: User motivations in protecting information security: protection motivation theory versus self-determination theory. J. Manag. Inf. Syst. 34(4), 1203–1230 (2017)
Myers, M.D.: Qualitative Research in Business and Management. Sage (2019)
Oppong, S.: Between Bandura and Giddens: structuration theory in social psychological research? (2014)
Nagahawatta, R., Warren, M., Lokuge, S., Salzman, S.: Security Concerns Influencing the Adoption of Cloud Computing by SMEs: A Literature (2021)
Quartey, P., Turkson, E., Abor, J.Y., Iddrisu, A.M.: Financing the growth of SMEs in Africa: what are the constraints to SME financing within ECOWAS? Rev. Dev. Financ. 7(1), 18–28 (2017)
Rehman, A.U., Anwar, M.: Mediating role of enterprise risk management practices between business strategy and SME performance. Small Enterp. Res. 26(2), 207–227 (2019)
Rodriguez, A.R., de Sevilla Müller, L.P., Brecha, N.C.: The RNA binding protein RBPMS is a selective marker of ganglion cells in the mammalian retina. J. Comp. Neurol. 522(6), 1411–1443 (2014)
Saffady, W.: Managing Information Risks: Threats, Vulnerabilities, and Responses. Rowman & Littlefield Publishers (2020)
Shin, D.W., Hwang, E.: A Lagrangian multiplier test for market microstructure noise with applications to sampling interval determination for realized volatilities. Econ. Lett. 129, 95–99 (2015)
Shojaifar, A., Järvinen, H.: Classifying SMEs for approaching cybersecurity competence and awareness. In: The 16th International Conference on Availability, Reliability and Security, pp. 1–7 (2021)
Smith, D.T., Ali, A.I.: You’ve been hacked: a technique for raising cyber security awareness. Issues Inf. Syst. 20(1) (2019)
Spurling, G., Felton-Busch, C., Larkins, S.: Aboriginal and Torres Strait Islander health. Aust. J. Prim. Health 24(5), i–ii (2018)
Srivastava, S.R., Dube, S., Shrivastaya, G., Sharma, K.: Smartphone triggered security challenges—issues, case studies and prevention. In: Cyber Security in Parallel and Distributed Computing: Concepts, Techniques, Applications and Case Studies, pp. 187–206 (2019)
StatsSA website. https://www.statssa.gov.za/?p=13900. Accessed 17 Dec 2020
Subiantoro, I.H.: Pertunjukan Ritual Seren Taun Di Cigugur Kabupaten Kuningan Jawa Barat. Doctoral dissertation, PPS ISI Yogyakarta (2018)
Sungkawati, E., Suarniati, N.W., Hernanik, N.D., Anugerah, R.: SMEs creative economy in the Covid-19. Arch. Bus. Rev. 9(1) (2021)
Taiwo, J.N., Falohun, T.O.: SMEs financing and its effects on Nigerian economic growth. Eur. J. Bus. Econ. Accountancy 4(4) (2016)
Torten, R.J.: A quantitative regression study of the impact of security aware-ness on information technology professionals’ desktop security behavior. Doctoral dissertation, Capella University (2018)
Vagle, M.D.: Crafting Phenomenological Research. Routledge (2018)
Valli, C., Martinus, I., Stanley, J., Kirby, M.: CyberCheck.me: a review of a small to medium enterprise cyber security awareness program. In: Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, M.-S., Tinetti, F.G. (eds.) Advances in Security, Networks, and Internet of Things. TCSCI, pp. 233–242. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-71017-0_17
Vom Brocke, J., Simons, A., Riemer, K., Niehaves, B., Plattfaut, R., Cleven, A.: Standing on the shoulders of giants: challenges and recommendations of literature search in information systems research. Commun. Assoc. Inf. Syst. 37(1), 9 (2015)
Wang, E.S.T.: Role of privacy legislations and online business brand image in consumer perceptions of online privacy risk. J. Theor. Appl. Electron. Commer. Res. 14(2), 59–69 (2019)
Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. xiii–xxiii (2002)
Weinman, J.: The evolving cloud. IEEE Cloud Comput. 4(3), 4–6 (2017)
Wu, Y., Tayi, G.K., Feng, G., Fung, R.Y.: Managing information security outsourcing in a dynamic cooperation environment. J. Assoc. Inf. Syst. 22(3), 2 (2021)
Yeomans, L.: Qualitative methods in business research (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Moeti, M.N., Langa, M.R., Sigama, K. (2023). Information Security Framework Adoption for South African Small and Medium Enterprise. In: Ndayizigamiye, P., Twinomurinzi, H., Kalema, B., Bwalya, K., Bembe, M. (eds) Digital-for-Development: Enabling Transformation, Inclusion and Sustainability Through ICTs. IDIA 2022. Communications in Computer and Information Science, vol 1774. Springer, Cham. https://doi.org/10.1007/978-3-031-28472-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-28472-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28471-7
Online ISBN: 978-3-031-28472-4
eBook Packages: Computer ScienceComputer Science (R0)