The Severity and Effects of Cyber-breaches in SMEs: a Machine Learning Approach

In this paper, we investigate cyber breaches and their effects on small and medium entreprises (SMEs). This is an important gap that exists in the literature, considering the controversial role that SMEs play with cybersecurity and the importance that SMEs have in the economy. For the empirical study, we make use of the Cyber Security Breaches Survey data, which collects information on the management of cybersecurity in UK companies (Cyber Security Breaches Survey, 2016, 2017). The final sample consists of 1,348 UK SMEs in the period 2016–2017. From a cybersecurity point of view, our first group of contributions extends the literature on SMEs’ security. We extend previous works confirming that SMEs receive a wide variety of breaches, through malware in automated and non-automated attacks, followed by attacks of social enginering, exploiting staff vulnerabilities, even those derived from the misuse of the information systems (IS) in SMEs. Secondly, unlike previous works, we have characterized the degree of severity of breaches in SMEs, based on disruption time and their cost. Our last contribution consists of determining the effect and severity of breaches in SMEs in terms of economic, financial and management impacts, highlighting the differential aspects with large companies.