Exploring the economic role of cybersecurity in SMEs: A case study of the UK

This study explores the economic role of cybersecurity in Small and Medium Enterprises (SMEs), situating cybersecurity within the framework of merit-goods within the economic theory of market failures and public goods. By examining 240 SMEs across the UK, the empirical findings of this investigation...

Full description

Saved in:
Bibliographic Details
Published in:Technology in society 2024-09, Vol.78, p.102670, Article 102670
Main Authors: Arroyabe, Marta F., Arranz, Carlos F.A., Fernandez De Arroyabe, Ignacio, Fernandez de Arroyabe, Juan Carlos
Format: Article
Language:English
Subjects:
Cybersecurity
Cybersecurity control
Cybersecurity incidents
Cybersecurity management
Merit-good
SME
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This study explores the economic role of cybersecurity in Small and Medium Enterprises (SMEs), situating cybersecurity within the framework of merit-goods within the economic theory of market failures and public goods. By examining 240 SMEs across the UK, the empirical findings of this investigation underscore its classification as a merit-good due to its extensive social benefits and the critical gap in its optimal provision. The results confirm the existence of market failure, such as the lack and asymmetry of information regarding cybersecurity, acknowledging the myopia and lack of information within SMEs, leading to suboptimal implementation of cybersecurity. Moreover, the lack of optimal implementation is evidenced by the findings indicating that neither cybersecurity incidents nor cybersecurity impacts in SMEs drive the implementation of cybersecurity. Additionally, we observe that implementation is more focused on control systems than on management systems, which is a significant differentiating factor from large enterprises. The study contributes theoretically by framing cybersecurity as a merit-good, provides managerial insights into SME cybersecurity practices, and emphasizes the importance of nuanced policies to bridge the implementation gap. •This research investigates the economic and managerial aspects of cybersecurity in SMEs, framing it as a merit-good.•Drawing from the theory of market failures and public goods, we conducted an empirical analysis on 240 SMEs across the UK.•Findings reveal market failures that hinder optimal cybersecurity implementation and prompt government intervention.•SMEs underinvest in cybersecurity due to insufficient information, low digitalization & cybersecurity incidents perception.
ISSN:0160-791X
DOI:10.1016/j.techsoc.2024.102670