Exploring SME cybersecurity practices in developing countries

The continued use of information technology systems by small and medium enterprises (SMEs) in developing countries has the potential to bring significant benefits but, at the same time, expose them to online cybersecurity threats. Addressing these threats is, therefore, of paramount importance for developing countries, not only because SMEs are seen as the vehicle for employment and job creation, but because research on SMEs and cybersecurity in this context is limited. This study is a contribution toward addressing this gap.The purpose of this study is, therefore, to explore SME cybersecurity practices and the challenges they face in developing countries. The goal is to sensitize practitioners and government institutions about the challenges and practices faced by SMEs, so that the various parties can work collaboratively in providing context-specific solutions to address these challenges and improve current cybersecurity practices. The study follows a qualitative enquiry approach to solicit information from three South African SMEs that had implemented cybersecurity practices. The findings show that an SME’s perception of cybersecurity is constrained by internal factors of budget, management support, and attitudes. Further findings show that SMEs’ cybersecurity practices are affected by the landscape of cybersecurity, as well as institutional pressures.