Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses From Cyber Crime in South Africa

Gino Bougaardt; Michael Kyobe

Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses From Cyber Crime in South Africa

Authors

Gino Bougaardt
Michael Kyobe

Keywords:

cybercrime, recognition and measuring losses, SMEs, victimisation

Abstract

The level of cyber attacks on organisations has increased tremendously in recent years. When such attacks occur, organisations need to assess the damage and loss from this crime. While large organisations have the mechanisms to determine such losses, SMEs lack such capability and often ignore the need to implement effective information security measures (Kyobe, 2008; Altbeker, 2000; Upfold and Sewry, 2005). Consequently, their risk exposure to cyber threats and the losses they incur from these attacks are often high (Ngo, Zhou, Chonka and Singh, 2009). However, the current legislative requirements, costly legal liabilities for non‑compliance, and increasing pressure by stakeholders (e.g., lenders, business partners) on SMEs to comply with good practices suggest that SMEs cannot ignore security any longer. In order to ensure accountability and compliance with security requirements, it is imperative for SMEs to identify, account and report cyber incidents and losses resulting from cyber attacks. This study investigated the factors that inhibit SMEs from recognizing and measuring losses from cyber attacks in South Africa. A survey involving twenty organisations from different business sectors was conducted and the results indicate that victimisation, resulting from a lack of awareness of cyber‑crime has the greatest influence on SMEs ability to recognise and prepare losses from cyber attacks.

Downloads

Published

1 Sep 2011

Issue

Vol. 14 No. 2 (2011)

Section

Articles

License

Open Access Publishing

The Electronic Journal of Information Systems Evaluation operates an Open Access Policy. This means that users can read, download, copy, distribute, print, search, or link to the full texts of articles, crawl them for indexing, pass them as data to software, or use them for any other lawful purpose, without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. The only constraint on reproduction and distribution, and the only role for copyright in this domain, is that authors control the integrity of their work, which should be properly acknowledged and cited.

This Journal is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.