Abstract
Background: The UK neoliberal government responsibilizes Small-to-Medium enterprises (SMEs) to take care of their own cyber-resilience, meaning that they do not receive any support if they fall victim to a cyber attack. Consequently, SMEs tend not to report cybercrimes.
Aim: The aim was to collaboratively develop, deliver, and evaluate a client-centred cybercrime training session with an accompanying booklet as means of achieving closure post-attack, upskilling an SME, increasing their knowledge and improving reporting.
Methods: We surveyed 9 staff of an attacked SME to elicit their training preferences; 6 staff members attended and 5 supplied feedback in the form of a post-training survey. From those who completed the survey, 2 staff members were interviewed. The results showed that the training helped some staff members take cyber-resilience into consideration because they supplied evidence of their learning either via the post-training survey or via the interviews.
Results: The training served to improve staff’s cyber-resilience awareness and skill-set to a limited degree. It became clear that the government’s responsibilization agenda deterred staff from reporting cybercrimes to Police Scotland.
Conclusions: Future work should engage with victimised SMEs and foster a trusting relationship. Academia can play a part in upskilling government-appointed cyber-resilience trainers.
Aim: The aim was to collaboratively develop, deliver, and evaluate a client-centred cybercrime training session with an accompanying booklet as means of achieving closure post-attack, upskilling an SME, increasing their knowledge and improving reporting.
Methods: We surveyed 9 staff of an attacked SME to elicit their training preferences; 6 staff members attended and 5 supplied feedback in the form of a post-training survey. From those who completed the survey, 2 staff members were interviewed. The results showed that the training helped some staff members take cyber-resilience into consideration because they supplied evidence of their learning either via the post-training survey or via the interviews.
Results: The training served to improve staff’s cyber-resilience awareness and skill-set to a limited degree. It became clear that the government’s responsibilization agenda deterred staff from reporting cybercrimes to Police Scotland.
Conclusions: Future work should engage with victimised SMEs and foster a trusting relationship. Academia can play a part in upskilling government-appointed cyber-resilience trainers.
Original language | English |
---|---|
Number of pages | 33 |
Publication status | Published - 5 Oct 2024 |
Event | The 2024 Dewald Roode Workshop on Information Systems Security Research - KSU Center, Kennesaw, United States Duration: 4 Oct 2024 → 5 Oct 2024 https://www.kennesaw.edu/coles/centers/cyber-center/events/dewald-roode-workshop.php |
Conference
Conference | The 2024 Dewald Roode Workshop on Information Systems Security Research |
---|---|
Abbreviated title | DRW2024 |
Country/Territory | United States |
City | Kennesaw |
Period | 4/10/24 → 5/10/24 |
Internet address |
Keywords
- cybercrime
- responsibilisation
- reporting
- training
- small-to medium-sized enterprises