Awan, Mujtaba (ORCID: https://orcid.org/0000-0001-9055-2869) and Alam, Abu (ORCID: https://orcid.org/0000-0002-5958-7905) (2025) Cybersecurity Threats and Defensive Strategies for Small and Medium Firms: A Systematic Mapping Study. Administrative Sciences, 15 (12). p. 481. doi:10.3390/admsci15120481
Text: 15728 Mujtaba, A and Abu, A (2025) Cybersecurity Threats and Defensive Strategies for Small and Medium Firms A Systematic Mapping Study.pdf - Published Version. Available under License Creative Commons Attribution 4.0. (2MB)
Abstract
Small- and Medium-sized Enterprises (SMEs) play a crucial role in the global economy, accounting for approximately two-thirds of global employment and contributing significantly to the GDP of developed countries. Despite the availability of various cybersecurity standards and frameworks, SMEs remain highly vulnerable to cyber threats. Limited resources and a lack of expertise in cybersecurity make them frequent targets for cyberattacks. It is essential to identify the challenges faced by SMEs and explore effective defensive strategies to enhance the implementation of cybersecurity measures. The study aims to bridge the gap and help these organizations implement cost-effective and practical cybersecurity approaches through a systematic mapping study (SMS) in which 73 articles were thoroughly reviewed. This research will shed light on the current posture of cybersecurity approaches (practices) across different SMEs, along with the threats they are facing, which have stopped them from deciding on, planning, and implementing cybersecurity measures. The study identified a wide range of cybersecurity threats, including phishing, social engineering, insider threats, ransomware, malware, denial-of-service attacks, and weak password practices, which are the most prevalent for SMEs. This study identified defensive practices, such as cybersecurity awareness and training, endpoint protection tools, incident response planning, network segmentation, access control, multi-factor authentication (MFA), access controls, privilege management, email authentication and encryption, enforcing strong password policies, cloud security, secure backup solutions, supply chain visibility, and automated patch management tools, as key measures. The study provides valuable insights into the specific gaps and challenges faced by SMEs, as well as their preferred methods of seeking and consuming cybersecurity assistance.
The findings can guide the development of targeted defensive practices and policies to enhance the cybersecurity posture of SMEs for successful software development. This SMS will also provide a foundation for future research and practical guidelines for SMEs to improve the process of secure software development.
| Item Type: | Article |
|---|---|
| Article Type: | Article |
| Additional Information: | This article belongs to the Special Issue Building Resilient and Agile SMEs: Strategic Responses to Digital Disruption and Transformation |
| Uncontrolled Keywords: | Cybersecurity; Small and medium-sized enterprise; SMEs; Threats and defensive approaches; Systematic mapping study |
| Subjects: | H Social Sciences > HD Industries. Land use. Labor > HD2340.8 Small and Medium-sized businesses, artisans, handcrafts, trades; H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management > HD61 Risk in industry. Risk management |
| Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
| Depositing User: | Kamila Niekoraniec |
| Date Deposited: | 07 Jan 2026 11:46 |
| Last Modified: | 12 Jan 2026 08:00 |
| URI: | https://eprints.glos.ac.uk/id/eprint/15728 |