Abstract
Background: The UK neoliberal government responsibilizes Small-to-Medium enterprises (SMEs) to take care of their own cyber-resilience, meaning that they do not receive any support if they fall victim to a cyber attack. Consequently, SMEs tend not to report cybercrimes.
Aim: The aim was to collaboratively develop, deliver, and evaluate a client-centred cybercrime training session with an accompanying booklet as means of achieving closure post-attack, upskilling an SME, increasing their knowledge and improving reporting.
Methods: We surveyed 9 staff of an attacked SME to elicit their training preferences; 6 staff members attended and 5 supplied feedback in the form of a post-training survey. From those who completed the survey, 2 staff members were interviewed. The results showed that the training helped some staff members take cyber-resilience into consideration because they supplied evidence of their learning either via the post-training survey or via the interviews.
Results: The training served to improve staff’s cyber-resilience awareness and skill-set to a limited degree. It became clear that the government’s responsibilization agenda deterred staff from reporting cybercrimes to Police Scotland.
Conclusions: Future work should engage with victimised SMEs and foster a trusting relationship. Academia can play a part in upskilling government-appointed cyber-resilience trainers.
Aim: The aim was to collaboratively develop, deliver, and evaluate a client-centred cybercrime training session with an accompanying booklet as means of achieving closure post-attack, upskilling an SME, increasing their knowledge and improving reporting.
Methods: We surveyed 9 staff of an attacked SME to elicit their training preferences; 6 staff members attended and 5 supplied feedback in the form of a post-training survey. From those who completed the survey, 2 staff members were interviewed. The results showed that the training helped some staff members take cyber-resilience into consideration because they supplied evidence of their learning either via the post-training survey or via the interviews.
Results: The training served to improve staff’s cyber-resilience awareness and skill-set to a limited degree. It became clear that the government’s responsibilization agenda deterred staff from reporting cybercrimes to Police Scotland.
Conclusions: Future work should engage with victimised SMEs and foster a trusting relationship. Academia can play a part in upskilling government-appointed cyber-resilience trainers.
| Original language | English |
|---|---|
| Number of pages | 33 |
| Publication status | Published - 5 Oct 2024 |
| Event | The 2024 Dewald Roode Workshop on Information Systems Security Research - KSU Center, Kennesaw, United States Duration: 4 Oct 2024 → 5 Oct 2024 https://www.kennesaw.edu/coles/centers/cyber-center/events/dewald-roode-workshop.php |
Conference
| Conference | The 2024 Dewald Roode Workshop on Information Systems Security Research |
|---|---|
| Abbreviated title | DRW2024 |
| Country/Territory | United States |
| City | Kennesaw |
| Period | 4/10/24 → 5/10/24 |
| Internet address |
Funding
The first author would like to thank the University of Strathclyde for the grant of £56,154.89 as well as the Scottish Institute for Policing Research (SIPR) for the grant of £38,154.92. Importantly, the first author thanks Dr Jean Carletta for her expertise and additional grant (£2,559.06) via the University of St Andrews in Scotland.
Keywords
- cybercrime
- responsibilisation
- reporting
- training
- small-to medium-sized enterprises
