Project Details
Description
Cybernetic risk refers to risks generated using information and communication technologies caused
by people or organizations. The literature shows a gap between the exposition, perception, and
preparation of small and medium enterprises (SMEs) to mitigate cybernetic risk. This situation
aggravates by the lack of cybersecurity-qualified personnel, which makes SMEs vulnerable to
cyber-attacks. Developing an active and resilient posture allows them to manage these risks,
maximizing their growth and innovation and creating more valuable organizations.
This research aims to evaluate the cybernetic risk to which SMEs are exposed to recommend riskreduction strategies that allow them to develop a competitive advantage. We will carry out a first
quantitative research stage to establish the maturity level according to the best cybersecurity
practices and obtain the evaluation report for the SMEs in Costa Rica. In the second stage, we will
delve into the SMEs' cybersecurity practices through the focus groups technique, and finally, the
third stage where we will analyze the cybersecurity risks through a mixed approach according to
the results from the first two research stages.
The topic is relevant because it pretends to evaluate the identified risks through an integral
methodology and suggests recommendations so that small and medium enterprises can create a
plan to prioritize and implement the most suitable improvements for each case. As well as to develop
and transfer good practices manual to the stakeholders to promote a cybersecurity culture
contextualized to the national reality. The proposal is new as it was reported in the literature
regarding cybersecurity in SMEs, only 0.5% of the research applies a mixed approach, and there
was no evidence found of studies in Costa Rica. Besides, it proposes a venture initiative between
academia and the private sector on the promotion of a cybersecurity culture, filling the gaps
identified in the Costa Rican National Cybersecurity Strategy Review.
Finally, regarding the academic product, the results will be published in journals such as Computer
and Education or Information Technology and People, both indexed in Scopus, or International
Journal of Information Management, indexed in Web of Science. In addition, we consider
participation with paper presentations in international conferences like CLADEA or ALAFEC, and a
national congress such as the Research and Extension Meeting from the Business Administration
School at TEC.
by people or organizations. The literature shows a gap between the exposition, perception, and
preparation of small and medium enterprises (SMEs) to mitigate cybernetic risk. This situation
aggravates by the lack of cybersecurity-qualified personnel, which makes SMEs vulnerable to
cyber-attacks. Developing an active and resilient posture allows them to manage these risks,
maximizing their growth and innovation and creating more valuable organizations.
This research aims to evaluate the cybernetic risk to which SMEs are exposed to recommend riskreduction strategies that allow them to develop a competitive advantage. We will carry out a first
quantitative research stage to establish the maturity level according to the best cybersecurity
practices and obtain the evaluation report for the SMEs in Costa Rica. In the second stage, we will
delve into the SMEs' cybersecurity practices through the focus groups technique, and finally, the
third stage where we will analyze the cybersecurity risks through a mixed approach according to
the results from the first two research stages.
The topic is relevant because it pretends to evaluate the identified risks through an integral
methodology and suggests recommendations so that small and medium enterprises can create a
plan to prioritize and implement the most suitable improvements for each case. As well as to develop
and transfer good practices manual to the stakeholders to promote a cybersecurity culture
contextualized to the national reality. The proposal is new as it was reported in the literature
regarding cybersecurity in SMEs, only 0.5% of the research applies a mixed approach, and there
was no evidence found of studies in Costa Rica. Besides, it proposes a venture initiative between
academia and the private sector on the promotion of a cybersecurity culture, filling the gaps
identified in the Costa Rican National Cybersecurity Strategy Review.
Finally, regarding the academic product, the results will be published in journals such as Computer
and Education or Information Technology and People, both indexed in Scopus, or International
Journal of Information Management, indexed in Web of Science. In addition, we consider
participation with paper presentations in international conferences like CLADEA or ALAFEC, and a
national congress such as the Research and Extension Meeting from the Business Administration
School at TEC.
General Objective
Evaluar el riesgo cibernético al que están expuestas las
Pymes mediante un estudio mixto para recomendar estrategias de reducción del
riesgo que les permita desarrollar una ventaja competitiva.
Pymes mediante un estudio mixto para recomendar estrategias de reducción del
riesgo que les permita desarrollar una ventaja competitiva.
Research Lines
Entorno y Gestión de Negocios. Emprendimiento e Innovación
| Status | Finished |
|---|---|
| Effective start/end date | 1/01/24 → 31/12/25 |
Keywords
- Cybersecurity
- cyber risk
- SMEs
- cyber maturity
- cybernetic resilience
Fingerprint
Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.