Cybersecurity Resilience in SMEs. A Machine Learning Approach

This study investigates cybersecurity resilience in small and medium-sized enterprises (SMEs), focusing on three key aspects: the capacity to handle potential cyber incidents, the ability to recover from such incidents, and the capability to adapt in the face of possible cyber threats. Grounded in the Resource-Based View (RBV) framework, we conduct an empirical investigation utilizing a survey of 239 UK SMEs. The study makes a theoretical and methodological contribution, with significant implications for managers. First, the study highlights the lack of SMEs’ engagement with the management of cybersecurity and finds cybersecurity incidents to be the most important factor in driving resilience, as compared to cybersecurity capabilities. Moreover, the study also extends the RBV theory, emphasizing the importance of the interaction between cybersecurity capabilities affecting SMEs’ cybersecurity resilience. Second, the study showcases the potential of statistical methods, particularly machine learning techniques to identify the relationships between the factors affecting SMEs’ cybersecurity.