Institute of Electrical and Electronics Engineers (IEEE)
Abstract
The constantly evolving cyber threat landscape is a latent problem for today’s companies. This
is especially true for Small and Medium-sized Enterprises (SMEs) because they have limited resources
to face the threats but, as a group, represent an extensive payload for cybercriminals to exploit. Moreover, the
traditional cybersecurity approach of protecting against known threats cannot withstand the rapidly evolving
technologies and threats used by cybercriminals. This study claims that cyber resilience, a more holistic
approach to cybersecurity, could help SMEs anticipate, detect, withstand, recover from and evolve after
cyber incidents. However, operationalizing cyber resilience is not an easy task, and thus the study presents
a framework with a corresponding implementation order for SMEs that could help them implement cyber
resilience practices. The framework is the result of using a variation of Design Science Research in which
Grounded Theory was used to induce the most important actions required to implement cyber resilience and
an iterative evaluation by experts was used to validate the actions and put them in a logical order. Therefore, this
study proposes that the framework could help SME managers understand cyber resilience, as well as
help them start implementing it with concrete actions and an order dictated by the experience of experts.
This could potentially ease cyber resilience implementation for SMEs by making them aware of what cyber
resilience implies, which dimensions it includes and what actions can be implemented to increase their cyber
resilience.