A framework for cyber security awareness in small, medium and micro enterprises (SMMEs) in South Africa

Abstract

In South Africa, there is a rapid increase of cyber attacks intended for organisations regardless of size and industry. Cyber attacks are directed at businesses of all sizes; however, small, medium and micro enterprises (SMMEs) are impacted most because of limited information technology (IT) skills and financial support to prevent cyber threats. There is a significant increase in SMMEs in South Africa which are important because of their contribution to the country’s economy. Organisations, including SMMEs, are converted gradually to depend on IT to sustain their competitive advantage and boost services. In South Africa, many organisations, including SMMEs, are still not effectively prepared to prevent cybercrimes. Therefore, there is a need to create cyber security awareness for SMMEs because they have a direct impact on the cyber security infrastructure of the country. Based on systematic literature review findings, a research gap has been identified whereby a cyber security awareness study has not been conducted for South African SMMEs where a suitable model and framework for raising cyber security awareness for SMMEs in South Africa have been developed. The main aim of the research study is to develop a framework for cyber security awareness for South African SMMEs (Csa4Smmes {RSA} framework). This research study follows the design science research methodology (DSRM) approach. This approach is most suitable and carefully selected to address the purpose of the study. Models and frameworks have been evaluated to develop components of the conceptual Csa4Smmes {RSA} framework which are used as building blocks to develop the intermediate Csa4Smmes {RSA} framework. Semi-structured interviews with experts in cyber security, science and technology awareness as well as SMMEs management and operation were conducted to demonstrate and evaluate the intermediate Csa4Smmes {RSA} framework. Consequently, this framework was produced as an artefact to enhance cyber security awareness levels within SMMEs in South Africa. Cyber security awareness has been demonstrated to be an effective approach to enhance cyber security awareness level. Therefore, the Csa4Smmes {RSA} framework can assist government in reducing cyber attacks associated with internet users.