Developing a Cybersecurity Evaluation Model (CSEM) for Indian SMEs working in a Virtual Team environment

The scale and sophistication of cyberattacks continue to increase post-COVID-19 and it has become critical for businesses to safeguard their information and Information Technology (IT) assets. Consequently, there is an unprecedented increase in the number of employees working outside an organisation’s IT infrastructure and a few SMEs have also encouraged to use the of personal digital devices and switched to cloud computing to sustain the pressure without adding additional security measures. Due to this, workplace software, applications and tools are becoming increasingly exposed to cyber- attacks. 

The purpose of this research is to establish a cybersecurity evaluation model (CSEM) that can be leveraged by SMEs which will help them assess their cyber-risk portfolio. This study subsequently will raise awareness among SMEs and point out areas where SMEs could focus their efforts to enhance cybersecurity in their organisation, thus allowing them to proactively prevent reputational and financial losses. 

Based on the research project and the methodology used in the past for similar research, a quantitative approach has been chosen for this research. This research proposed the Cybersecurity Evaluation Model (CSEM) for SMEs that consists of a 28 questions online survey to assess their preparedness for working in a virtual environment. The online survey was responded to by IT Managers, CTOs, CEO and cybersecurity admins of Indian SMEs via Qualtrics and the data was statistically analysed and measured. In addition, the data were collected, imported into the SPSS (Statistical Package for the Social Sciences) system, and analysed to generate insightful conclusions. 

The findings of the CSEM investigation revealed that most SMEs do not have the basic cybersecurity measures implemented. Indian SMEs are below average than the recommended controls in asset management, cybersecurity awareness and training and risk assessment and management as most of them are still formalising these processes and adopting a reactive approach to the incidents. On the other hand, Indian SMEs are slightly above average in Identity and access management and detection processes which means that Indian SMEs are maturing in these processes. 

The findings also indicated that these SMEs are very vulnerable to cyberattacks if SMEs don’t improvise on their current cybersecurity posture. Furthermore, the analysis revealed that SMEs are aware of the potential consequences of a cybersecurity breach, but SMEs are constrained by internal factors such as limited budget, training and support from senior management. 

Implementing a CSEM will not only assist Indian SMEs in identifying their strengths and weaknesses but will also include simple best-practice guidelines for effectively plugging their cybersecurity flaws while working remotely. SMEs need to enforce the thesis- recommended security measures, as failing to do so may jeopardise their entire enterprise and their operational and financial viability.