Investigating The Factors and Impact of Cybercrime on Small-To Medium-Sized Business (SMBs): Analysing risks, factors, and solutions

Ugochukwu Anthony Igboko
IT Analyst, Digital and ICT, South Tyneside Council, United Kingdom
DOI – http://doi.org/10.37502/IJSMR.2025.8606

Abstract

This study examines how cybercrime affects small and medium-sized businesses (SMBs) and recommends ways to make them more secure. The increasing prevalence of cyber threats and the vulnerability of SMBs in the current digital landscape highlight the importance of addressing cybersecurity challenges. The study aims to provide a comprehensive understanding of cybercrime against SMBs and develop a practical framework to mitigate these threats.

The research employs a quantitative research design with a survey-based approach. A sample of SMB owners, managers, and IT personnel was selected using purposive and stratified random sampling techniques. Data was collected through a structured questionnaire, and descriptive and inferential statistical techniques were used for data analysis. The research methodology ensures the validity and reliability of the findings.

According to the research findings, phishing attacks are the most frequent cyber-threat to SMBs, followed by insider threats. Servers are the main target of cybercriminals, who take advantage of vulnerabilities like outdated software, weak passwords, and a lack of multi-factor authentication. Although preventive measures like multi-factor authentication and routine software upgrades are commonly used, SMBs still face difficulties due to a lack of funding, cybersecurity experience, and resources. These challenges call for recommended solutions that are carefully implemented based on the challenges identified. The study emphasises the importance of considering emerging threats, human factors, cybersecurity regulations, economic impacts, collaboration and information sharing, socio-cultural factors, supply chain risk, evaluation of cybersecurity frameworks, long-term impact of cyber incidents, and the role of automation and artificial intelligence in SMB cybersecurity.

In conclusion, this study provides valuable insights into the factors and impacts of cybercrime on SMBs and proposes a practical framework to enhance their cybersecurity. The research contributes to ongoing efforts to protect SMBs from cyber threats and creates awareness among policymakers, industry practitioners, and researchers about the specific challenges faced by SMBs in the digital landscape. Implementing the proposed framework can help SMBs strengthen their cybersecurity resilience and mitigate insider threats. Future research in the identified areas can further enhance understanding and support SMBs in navigating the evolving cyber threat landscape.

Keywords: UK council, Healthcare, SLR, cyber resilience.
