Cybersecurity for Small and Medium Enterprises (CySME)

Professor Lisa Short

Group Chair


Team members:
  • Prof. Sally Eaves (Co-Chair)
  • Prof. Karen Renaud (Co- Chair)
  • Philip Ingram
  • Basma Khalil
  • Fahad Nabeel

It is a very sobering thought that the vulnerability of small and medium size business from cyber breaches is growing annually at greater than 400%. Education, investment, research and awareness of heightened risk requires decoupling from perception that SME’s have less to offer cyber criminals and hackers.

Approximately 400 million Small to Medium Enterprises are the backbone of the global economy and are the main source of job creation and employment accounting for over 95% of all businesses and 60% to 70% of employment. SMEs also generate a large share of new jobs and start-ups in OECD economies, and even more in the EU, where they represent approximately 99% of all businesses, create around 85% of new jobs and provide two-thirds of the total private sector employment. The name can be misleading with many countries including businesses with up to 200 employees and in the US up to 500 – and multimillion dollar turnovers. In emerging nations such as Sub-Saharan Africa SME’s are critical drivers of economic growth. In Zambia 99.5% of all its 66K businesses are SME’s and create unprecedented market potential to meet population growth.

The misconception of size compared to the devastation and cost that cyber-attacks and lack of cyber resilience preparedness cause is vast. As a result, they have a lowered guard, with over 78% the target of cyber-attacks, tend to be more focused on other priorities than cybersecurity and yet like the rest of the economy unaware they also play a critical role in the supply chain where small leads to bigger and hungrier fish. SME’s are being compromised by the number one human centered threat tactic - phishing and social engineering attacks – so education becomes a key strategic tool. However, the mind shift praxis required remains elusive to behavioural change.

CySME is a special interest group working to focus cyber research and tangible solutions on SME’s including:

  • Cyber culture and threat awareness
  • Conversion of liability thinking to asset management
  • Global cyber supply chain positioning and risk management
  • Responsibilities and vulnerabilities of SME’s
  • Emerging technologies and cybersecurity
  • Public-private collaboration on cybersecurity
  • Cyber education programmes
  • Data and digitisation
  • As a focus within other SIG’s
SIG in Cybersecurity for Small and Medium Enterprises (CySME)