As digitalization progresses, Swiss industrial small and medium-sized enterprises (SMEs) face increasing vulnerabilities due to limited resources, insufficient cybersecurity awareness, and reliance on shadow information technology (IT) systems (ENISA, Cybersecurity for SMEs: challenges and recommendations [1]). To address these challenges, this research introduces a practical cybersecurity self-assessment tool tailored to the specific needs of Swiss SMEs, particularly those outsourcing IT services. Developed iteratively and implemented via LimeSurvey, the tool enables SMEs to assess their cybersecurity posture and identify areas for improvement. Structured around the six dimensions of the National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF)—Govern, Identify, Protect, Detect, Respond, and Recover—it encompasses 17 key criteria and 43 diagnostic affirmations, each accompanied by actionable recommendations. This approach synthesizes existing frameworks and research focused on SMEs’ cybersecurity requirements. Our findings underscore that SME managers require prescriptive guidance on enhancing their cybersecurity maturity, rather than descriptions of their current maturity levels. A preliminary field evaluation has been conducted, aligning the tool with real-world needs and expectations, thereby ensuring its practical relevance and effectiveness.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Moving Beyond Static Assessments: The Case of Swiss Industrial SMEs

  • Valeriya Barreau,
  • Maria Sokhn

摘要

As digitalization progresses, Swiss industrial small and medium-sized enterprises (SMEs) face increasing vulnerabilities due to limited resources, insufficient cybersecurity awareness, and reliance on shadow information technology (IT) systems (ENISA, Cybersecurity for SMEs: challenges and recommendations [1]). To address these challenges, this research introduces a practical cybersecurity self-assessment tool tailored to the specific needs of Swiss SMEs, particularly those outsourcing IT services. Developed iteratively and implemented via LimeSurvey, the tool enables SMEs to assess their cybersecurity posture and identify areas for improvement. Structured around the six dimensions of the National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF)—Govern, Identify, Protect, Detect, Respond, and Recover—it encompasses 17 key criteria and 43 diagnostic affirmations, each accompanied by actionable recommendations. This approach synthesizes existing frameworks and research focused on SMEs’ cybersecurity requirements. Our findings underscore that SME managers require prescriptive guidance on enhancing their cybersecurity maturity, rather than descriptions of their current maturity levels. A preliminary field evaluation has been conducted, aligning the tool with real-world needs and expectations, thereby ensuring its practical relevance and effectiveness.