How much more will it need? Determinants of risk-driven cybersecurity adoption in Swiss SMEs: a structural equation modelling approach

Abstract The rapid escalation of cybercrime has become a global cybersecurity concern, one that requires enacting safety precautions and urgent attention from managers, industry partners, governments, experts, and the international research community. Consequently, this study aimed to investigate managers’ risk-driven cybersecurity adoption determinants within SMEs in Switzerland using an extended protection motivation theory. It explores the significance of four broad categories of potential determinants that significantly affect behavioural intentions and influence risk-driven cybersecurity adoption intention in SMEs: managerial perceived cybersecurity efficacy, response efficacy, implementation expectancy, and preparedness. A conceptual research model was formulated, and the ensuing hypotheses were tested using a partial least squares structural equation modelling approach. It was shown that four predictors significantly contribute to managers adopting protective cybersecurity measures, explaining 40% of the variance (R2) in behavioural intention. These findings highlight novel insights into managers’ acceptance of cybersecurity adoption and the institutionalization of favourable policy guidelines as early guidance for expanding prosperous SMEs in developed economies and beyond.