Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments

Lagging IT security investments in small and medium-sized enterprises (SME) point towards a security divide between SME and large enterprises, yet our structured literature review shows that organizational IT security research has largely neglected the SME context. In an effort to expose reasons for...

Full description

Saved in:
Bibliographic Details
Published in:Information systems frontiers 2019-12, Vol.21 (6), p.1285-1305
Main Authors: Heidt, Margareta, Gerlach, Jin P., Buxmann, Peter
Format: Article
Language:English
Subjects:
Budgeting
Business and Management
Control
Information systems
Information technology
IT in Business
Literature reviews
Management of Computing and Information Systems
Operations Research/Decision Theory
Security
Small & medium sized enterprises-SME
Systems Theory
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Lagging IT security investments in small and medium-sized enterprises (SME) point towards a security divide between SME and large enterprises, yet our structured literature review shows that organizational IT security research has largely neglected the SME context. In an effort to expose reasons for this divide, we build on extant research to conceptualize SME-specific characteristics in a framework and suggest propositions regarding their influence on IT security investments. Based on 25 expert interviews, emerging constraints are investigated and validated. Our findings imply that several widely held assumptions in extant IT security literature should be modified if researchers claim generalizability of their results in an SME context. Exemplary assumptions include the presence of skilled workforce, documented processes or IT-budget planning which are often un(der) developed in SME. Additionally, our study offers context-specific insights regarding particular effects of identified constraints on IT security investments for all involved stakeholders (researchers, SME, large enterprises, governments).
ISSN:1387-3326
1572-9419
DOI:10.1007/s10796-019-09959-1